Help Center> Identity and Access Management> API Reference> API> Security Settings> Modifying the Password Policy
Updated on 2023-07-05 GMT+08:00
View PDF

Modifying the Password Policy

Function

This API is provided for the administrator to modify the password policy.

The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.

URI

PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password-policy

Table 1 URI parameters

Parameter

Mandatory

Type

Description

domain_id

Yes

String

Account ID. For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.

Request Parameters

Table 2 Parameters in the request header

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Access token issued to a user to bear its identity and permissions.

For details about the permissions required by the token, see Actions.
Table 3 Parameter in the request body

Parameter

Mandatory

Type

Description

password_policy

Yes

object

Password policy.
Table 4 password_policy

Parameter

Mandatory

Type

Description

maximum_consecutive_identical_chars

No

Integer

Maximum number of times that a character is allowed to consecutively present in a password. Value range: 0–32.

minimum_password_age

No

Integer

Minimum period (minutes) after which users are allowed to make a password change. Value range: 0–1440.

minimum_password_length

No

Integer

Minimum number of characters that a password must contain. Value range: 6–32.

number_of_recent_passwords_disallowed

No

Integer

Number of previously used passwords that are not allowed. Value range: 0–10.

password_not_username_or_invert

No

Boolean

Indicates whether the password can be the username or the username spelled backwards.

password_validity_period

No

Integer

Password validity period (days). Value range: 0–180. Value 0 indicates that this requirement does not apply.

password_char_combination

No

Integer

Minimum number of character types that a password must contain. Value range: 2–4.

Response Parameters

Table 5 Parameters in the response body

Parameter

Type

Description

password_policy

object

Password policy.
Table 6 password_policy

Parameter

Type

Description

maximum_consecutive_identical_chars

Integer

Maximum number of times that a character is allowed to consecutively present in a password.

maximum_password_length

Integer

Maximum number of characters that a password can contain.

minimum_password_age

Integer

Minimum period (minutes) after which users are allowed to make a password change.

minimum_password_length

Integer

Minimum number of characters that a password must contain.

number_of_recent_passwords_disallowed

Integer

Number of previously used passwords that are not allowed.

password_not_username_or_invert

Boolean

Indicates whether the password can be the username or the username spelled backwards.

password_requirements

String

Characters that a password must contain.

password_validity_period

Integer

Password validity period (days).

password_char_combination

Integer

Minimum number of character types that a password must contain. Value range: 2–4.

Example Request

Request to change the password policy to the following: Must contain at least 6 characters, at least 3 character types, cannot be the same as the last two passwords, the minimum validity period must be 20 minutes, the password validity period must be 60 days, same characters can be used consecutively for a maximum of three times, and cannot be the same as the user name or the user name spelled backwards

PUT https://iam.myhuaweicloud.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password-policy 
 
{ 
  "password_policy" : { 
    "minimum_password_length" : 6, 
    "number_of_recent_passwords_disallowed" : 2, 
    "minimum_password_age" : 20, 
    "password_validity_period" : 60, 
    "maximum_consecutive_identical_chars" : 3, 
    "password_not_username_or_invert" : false,
    "password_char_combination" : 3
  } 
}

Example Response

Status code: 200

The request is successful.

{ 
  "password_policy" : { 
    "password_requirements" : "A password must contain at least two of the following: uppercase letters, lowercase letters, digits, and special characters.", 
    "minimum_password_age" : 20, 
    "minimum_password_length" : 8, 
    "maximum_password_length" : 32, 
    "number_of_recent_passwords_disallowed" : 2, 
    "password_validity_period" : 60, 
    "maximum_consecutive_identical_chars" : 3, 
    "password_not_username_or_invert" : true,
    "password_char_combination" : 3
  } 
}

Status code: 400

The request body is abnormal.

  • Example 1
{ 
   "error_msg" : "'%(key)s' is a required property.", 
   "error_code" : "IAM.0072" 
 }
  • Example 2
{ 
   "error_msg" : "Invalid input for field '%(key)s'. The value is '%(value)s'.", 
   "error_code" : "IAM.0073" 
 }

Status code: 403

Access denied.

  • Example 1
{ 
   "error_msg" : "You are not authorized to perform the requested action.", 
   "error_code" : "IAM.0002" 
 }
  • Example 2
{ 
   "error_msg" : "Policy doesn't allow %(actions)s to be performed.", 
   "error_code" : "IAM.0003" 
 }

Status code: 500

The system is abnormal.

{ 
  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
  "error_code" : "IAM.0006" 
}

Status Codes

Status Code

Description

200

The request is successful.

400

The request body is abnormal.

401

Authentication failed.

403

Access denied.

500

The system is abnormal.

Error Codes

For details, see Error Codes.

Parent topic: Security Settings