Overriding the Password Policy
What: Customize the password requirements for StorageLink Web Users and Admin Users.
Config file: /opt/swiftgw/application.properties
Key settings: password.policy.require-upper, require-lower, require-digit, require-special, min-length, prevent-previously-used-password-count
Apply: sudo systemctl restart swiftgateway
Product: StorageLink by Thorn Technologies — cloud storage gateway for secure file sharing
Overview
StorageLink ships with a default password policy. By default it enforces a minimum length of 12 characters (maximum 72), blocks common passwords against a built-in word list, and prevents reuse of the last 5 passwords. The character-class requirements — uppercase, lowercase, digit, and special characters — are available but off by default; you turn them on with the properties below.
The Update Password form shows live green checkmarks for the length, word-list, and previously-used rules. Character-class rules are enforced server-side when the password is submitted, returning an error such as "must contain 1 or more special characters."
You override the default policy by editing application.properties on the VM.
When you'd override the policy
- During a migration, to keep an existing password that doesn't meet the default policy.
- To match your organization's own password requirements, whether stricter or more relaxed.
Override the default policy
The password policy is controlled by application properties. SSH into the StorageLink VM and edit this file:
/opt/swiftgw/application.properties
Add or change any of the following properties, setting the values you want:
password.policy.require-upper=true
password.policy.require-lower=true
password.policy.require-digit=true
password.policy.require-special=true
password.policy.required-upper-count=1
password.policy.required-lower-count=1
password.policy.required-digit-count=1
password.policy.required-special-count=1
password.policy.min-length=12
password.policy.prevent-previously-used-password-count=5
password.policy.word-file=classpath:100k-most-used-passwords-NCSC.txt
| Property | Default | Purpose |
|---|---|---|
password.policy.require-upper | false | Require at least one uppercase letter |
password.policy.require-lower | false | Require at least one lowercase letter |
password.policy.require-digit | false | Require at least one digit |
password.policy.require-special | false | Require at least one special character |
password.policy.required-*-count | 0 | How many of each class to require, once the matching require-* is on |
password.policy.min-length | 12 | Minimum password length (maximum 72) |
password.policy.prevent-previously-used-password-count | 5 | Block reuse of the last N passwords |
password.policy.word-file | NCSC 100k list | Common-password blocklist |
Out of the box, a password like mypassword1234 (lowercase and digits, 12+ characters) is accepted because the character-class rules are off by default. Set the relevant require-* properties to true to enforce complexity.
For example, to relax the policy during a migration, you might set:
password.policy.require-upper=false
password.policy.require-digit=false
password.policy.require-special=false
password.policy.min-length=6
For help editing the file from the terminal, see Editing Files on Linux (nano & vi).
Apply your changes
After saving the file, restart the StorageLink service for the new policy to take effect:
sudo systemctl restart swiftgateway
The next time a user sets or changes their password, the Update Password form validates against your updated rules.
