User Passwords

You can define system-wide settings that control passwords. You can use an MQL command to encrypt user passwords for use in an LDAP environment.

This page discusses:

System-Wide Password Settings

Before defining users, you should consider what your company's password policies are and set system-wide password settings to enforce them.

One setting allows you to deny access in the current session to a user who makes repeated failed login attempts. Other settings allow you to control the composition of passwords. For example, you can require that users change their passwords every 90 days, that passwords be at least six characters, and that reusing the old password be prohibited.

The system-wide password settings apply to:

  • Every person defined in the database, except users whose person definition includes either the No Password or Disable Password clause.
  • Every attempt at setting a context.
  • Only passwords that are created or changed after the setting is defined (except for the expiration setting which affects all passwords). For example, suppose you set the minimum password size to 4 characters. From that point on, any password entered in a user’s person definition and all new passwords defined by the user in 3DEXPERIENCE platform must be at least 4 characters. Any existing password that contains less than 4 characters is unaffected. (Tip: You can make passwords for existing users conform to new system-wide password settings by making users change their passwords. Do this for all users using the expires clause, or per user using the passwordexpired clause.)

To setup your company’s password policies, use the clauses and arguments discussed in MQL Command Reference: password Command.

Encrypting Passwords

For LDAP environments, the following MQL command encrypts a password using the same algorithm used for encrypting the bootstrap file password.

After executing the command, MQL outputs the encrypted text string. Copy and paste it to the file or location where you want to save it. 

encrypt password PASSWORD_STRING

For example, to encrypt the password "secret", enter: 

encrypt password secret

Using Special Characters in Passwords

The default cipher (crypt) for encrypting passwords handles only7-bit ASCII characters. For passwords that use extended character sets (for example, for letters with diaeresis symbols such as ä, ë, ö, and ü characters in the German language), you must change the system password setting to use an encryption algorithm other than UTF-8.

This can be accomplished with the following command: 

set password cipher <cipher-type>

where <cipher-type> is one of md5, sha, smd5, or ssha.