V-Spark Online Help

Password Management and Requirements

System administrators can change individual user passwords and configure password requirements for a V‑Spark installation. Users can also change their own passwords.

Updating a user password from the system settings page

The Auth portion of the User Settings screen includes a section to Update Password, where an administrator can change an individual user's password.

This section also contains a Send password reset link button, which sends the user an email with a password reset link to be used in case that password is lost or must be changed.

Managing Password Requirements

V‑Spark may be configured to require that user passwords be a certain length, or that they are changed within a certain timeframe. These settings are global to a V‑Spark installation and apply to all of its company entities.

The config option min_passwd_len enforces the minimum string length of passwords, and the option max_passwd_lifetime requires users to change their passwords after the specified number of days. Details for these options are described in the following table:

Table 1.

Name

Values

Notes

min_passwd_len

default 7

-1 or any integer from 1 to 255 (inclusive)

  • specifying a value of -1 deactivates the length requirement

  • invalid values are ignored and the default value 7 is applied

max_passwd_lifetime

default -1

-1 or any integer from 1 to 9007199254740991 (inclusive)

  • password age in days

  • default value of -1 deactivates the password age policy

  • invalid values are ignored



Users whose passwords don't meet either setting will be prompted to change their password on next login. If password policy criteria change, either because of changed or newly added settings, users will be prompted to change passwords if their passwords fail to meet policy criteria as a result of those changes. This behavior also applies in the case of upgrades from V‑Spark systems without password policy functionality to a version with these policies active.

Note also that:

  • Password rules are not configurable using the UI; they must be specified in the installation's config file.

  • When users change passwords manually via the GUI, passwords that do not meet the length rule will be rejected.

  • When passwords are set manually or programmatically via the API, passwords that do not meet the length rule will trigger a password change when the user next logs in.