Customize Password Policy with IdM

I'd like to incorporate custom password policy attributes that aren't native to IdM like max class repeat (max number of consecutive characters of the same class) and password similarity (new password must differ from previous password by x characters). This is easily implementable through PAM, but is there any way I can integrate this in IdM such that any password changes that are done through IdM (CLI or web GUI) abide by this password policy?

The only avenue that seems like a potential solution involves creating a DS 389 plug-in to either validate with a script containing the appropriate logic, or bind the authentication to go through PAM, but I'm not sure if this is totally accurate/possible, especially considering the fact that modifications to IdM's DS 389 backend go against the support agreement.

Responses