wyldkao Absent Member.

Can I add content to the wordlist file?


Hi,
SSPR can prevent users from setting common passwords to add security,
but I checked the documentation and did not find how to manually add content to the wordlist.

Can I add it manually or not?

Thanks!!

wyldkao


Knowledge Partner

Re: Can I add content to the wordlist file?

I believe you can do this by extracting the wordlist.zip file found in
webapps/sspr/WEB-INF, adding the undesirable strings to
words/wordlist.txt, recreating the zip, then putting the regenerated
wordlist.zip where the old one was. When you restart SSPR (Apache Tomcat)
it detects a change in the zip file (by checksum) and recreates the
wordlist DB cache. Note that this takes some time, and CPU resources, so
watch it there as well as in the catalina.out file for details.

I'll be testing shortly....


--
Good luck.

Knowledge Partner

Re: Can I add content to the wordlist file?

Note that the default behavior of the system is to prevent the
case-insensitive (by default, configurable) version of the string entered
in the wordlist, but not derivations based on that string. For example,
if I enter 'john' into the wordlist, I cannot use 'John' or 'jOhN' as
passwords, but I can use 'johnny' (unless another entry prevents that). I
mention this because the NMAS way of handling excluded passwords/strings
is that any value entered in the exclusion list cannot be ANYWHERE in a
user's password, which happens to make it a nice way to exclude certain
characters from all passwords very quickly (in case your system is so
broken it needs to have certain characters excluded to prevent breaking
something poorly-written).

If you want to exclude certain strings from being anywhere in the
password, it may be better to configure your 'Password Settings' (default
actually, I think) to combine the policy from SSPR and the directory, and
then in the Universal Password (UP) policy add your own exclusions. SSPR
will then merge the two and give you the best of both worlds.

Also, there is a 'Wordlist Word Size Check' option within SSPR that may
give you some of the same ability. Its help section has the following:

<quote>
Minimum number of characters in the password that are checked against the
wordlist dictionary. For example, if the password to be checked is
"wordlist" and this setting is set to 6, then the combinations "wordli",
"wordlis", "wordlist", "ordlis", "ordlist" and "rdlist" would all be
checked against the configured dictionary. If any of these values are
equal to any word in the wordlist dictionary, then the password is
considered to match the wordlist and will be rejected. If this value is
set to zero or the password to check is smaller than the value specified
here, then the entire password is checked against the wordlist but not any
smaller parts of it.
</quote>

--
Good luck.

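
The three matching rules described in this thread (whole-password wordlist match, the 'Wordlist Word Size Check' substring expansion, and NMAS-style exclusion anywhere in the password), modelled as an added example that is not part of the original posts and is not SSPR or NMAS code. Function names are hypothetical, the sample wordlist is constructed, and case-insensitive comparison for the NMAS-style check is an assumption of this model.

```python
# Added illustration of the matching rules discussed in this thread.
# Not SSPR or NMAS code; all function names are hypothetical.

def candidates(password, word_size):
    """Strings compared to the wordlist for a given 'Wordlist Word Size Check'.

    A value of zero, or a password shorter than the value, means only the
    whole password is checked. Otherwise every substring of at least
    word_size characters is checked.
    """
    if word_size <= 0 or len(password) < word_size:
        return [password]
    n = len(password)
    return [password[i:j]
            for i in range(n)
            for j in range(i + word_size, n + 1)]


def sspr_wordlist_rejects(password, wordlist, word_size=0, case_sensitive=False):
    """True if any checked candidate equals a wordlist entry."""
    fold = (lambda s: s) if case_sensitive else str.lower
    words = {fold(w) for w in wordlist}
    return any(fold(c) in words for c in candidates(password, word_size))


def nmas_exclusion_rejects(password, exclusions):
    """True if any excluded string occurs anywhere in the password.

    Assumption: comparison is case-insensitive in this model.
    """
    lowered = password.lower()
    return any(x.lower() in lowered for x in exclusions)


if __name__ == "__main__":
    words = ["john"]  # constructed sample wordlist
    print("password  default  size=4  nmas-style")
    for pw in ["John", "jOhN", "johnny", "x9johnx"]:
        print(pw,
              sspr_wordlist_rejects(pw, words),
              sspr_wordlist_rejects(pw, words, word_size=4),
              nmas_exclusion_rejects(pw, words))
    # Reproduces the substring list from the quoted help text
    print(candidates("wordlist", 6))
```

In this model, the substring check only catches a wordlist entry embedded in a password when the configured size is no larger than that entry's length.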