System Account Password Rules

StarlingX enforces a set of strength requirements for new or changed passwords.

The following rules apply to all System Accounts (Local LDAP, sysadmin, other Linux Accounts, and Keystone accounts):

  • The password must be at least 12 characters long.

  • You cannot reuse the last 5 passwords in history.

  • The password must contain:

    • at least one lower-case character

    • at least one upper-case character

    • at least one numeric character

    • at least one special character

Note

During system bootstrap, the platform does not support the use of quotation characters in the keystone user password.

The following additional rules apply to Local Linux accounts only (Local LDAP, sysadmin, and other Linux accounts):

  • A changed password must differ from the previous password by at least three characters.

    Note

    This rule does not apply when the root user (including a user who has used sudo to become root) changes another account’s password.

  • A changed password that differs from the previous password only in character case is not allowed. For example, if nEtw!rk5 is the current password, Netw!RK5 is not allowed as the new password.

    Note

    This rule does not apply when the root user (including a user who has used sudo to become root) changes another account’s password.

  • After five consecutive incorrect password attempts, the user is locked out for 5 minutes.

    Note

    This rule does not apply to the root user.

For more details on Linux Accounts password rules see: Linux Accounts Password Rules.
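
The rules above that can be checked before a password is submitted, as an added example (not StarlingX code): a pre-check that returns every rule a candidate password would violate. The function name, the reading of "special character" as ASCII punctuation, the set of quotation characters, and the way the three-character difference is counted are assumptions; history and lockout are enforced by the platform and are not modelled.

```python
import string

MIN_LENGTH = 12          # from the rules for all System Accounts
MIN_CHANGED_CHARS = 3    # from the rules for Local Linux accounts
QUOTES = "'\""           # assumption: the page does not list the quotation characters


def check_password(new, old=None, local_linux=False, bootstrap_keystone=False):
    """Return a list of rule violations; an empty list means the candidate passes."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not any(c.islower() for c in new):
        problems.append("no lower-case character")
    if not any(c.isupper() for c in new):
        problems.append("no upper-case character")
    if not any(c.isdigit() for c in new):
        problems.append("no numeric character")
    # Assumption: "special" means ASCII punctuation.
    if not any(c in string.punctuation for c in new):
        problems.append("no special character")
    # Bootstrap restriction applies to the keystone user password only.
    if bootstrap_keystone and any(c in QUOTES for c in new):
        problems.append("quotation character in bootstrap keystone password")
    # The change rules apply to Local Linux accounts and need the previous password.
    if local_linux and old is not None:
        if new.lower() == old.lower():
            problems.append("same as previous password apart from character case")
        # Assumption: count characters of the new password absent from the old one.
        elif sum(1 for c in new if c not in old) < MIN_CHANGED_CHARS:
            problems.append("differs from previous password by fewer than 3 characters")
    return problems
```

Because the root exemption is decided by the platform, pass `old` only when the change is made by the account owner.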

Warning

Ageless passwords are not supported in StarlingX.