V-Spark Online Help

Password Management and Requirements

System administrators can change individual user passwords and configure password requirements for a V‑Spark installation. Users can also change their own passwords.

Updating a user password from the system settings page

The Auth portion of the User Settings screen includes a section to Update Password, where an administrator can change an individual user's password.

This section also contains a Send password reset link button, which sends the user an email with a password reset link to be used in case that password is lost or must be changed.

Configurable Password Requirements

V‑Spark may be configured to require that user passwords be a certain length, or that they are changed within a certain timeframe. These settings are global to a V‑Spark installation and apply to all of its company entities.

The config option min_passwd_len enforces the minimum string length of passwords, and the option max_passwd_lifetime requires users to change their passwords after the specified number of days. Details for these options are described in the following table:

Table 1. Password configuration fields

Name

Values

Notes

min_passwd_len

default 7

-1 or any integer from 1 to 255 (inclusive)

  • defines the minimum string length of the password

  • specifying a value of -1 deactivates the length requirement

  • invalid values are ignored and the default value 7 is applied

max_passwd_lifetime

default -1

-1 or any integer from 1 to 9007199254740991 (inclusive)

  • defines the number of days after which the password must be changed

  • default value of -1 deactivates the password age policy

  • invalid values are ignored



Other Password Requirements

Some password requirements are not configurable and will be active in any V‑Spark installation running version 4.0.2-1 or higher. These requirements include the following:

  • A user may not change the account password to any of the previous four used.

  • Passwords must contain both letters and numbers.

  • A user must provide the current password to change the account's email address.

Password Policy Enforcement

Users whose passwords don't meet the requirements will be prompted to change their passwords on next login. If password policy criteria change, either because of reconfigured or newly added settings, users will be prompted to change their passwords if those passwords fail to meet policy criteria as a result of those changes. This behavior also applies in the case of upgrades from V‑Spark systems without password policy functionality to a version with these policies active.

Note also that:

  • Password rules are not configurable using the UI; they must be specified in the installation's config file.

  • When users change passwords manually via the GUI, passwords that do not meet the length rule will be rejected.

  • When passwords are set manually or programmatically via the API, passwords that do not meet the length rule will trigger a password change when the user next logs in.