Password Policy Implementation Rules

Rule	Policy
Expiry Rules	The expiry time is measured in number of whole days. When the expiry period is reached users are required to update their password on their next login. The default expiry period is 90 days, and the minimum is one (1) day.
	If there are existing user passwords when the expiry is enabled, the expiry time is applied from when the password was initially set by the user. If a password falls outside the new expiry period, the user is immediately prompted to change the password.
	Local Password policy is only applied to local passwords and does not apply to remote authentication modes.
	When local password policy is enabled it will remain in force until the feature is turned off.
	If the minimum password length is modified and then the password complexity feature is disabled, the minimum length requirement is not updated.
Complexity Rules	The password cannot be a palindrome (this requirement cannot be disabled except by disabling password complexity entirely). (A palindrome is a word or other sequence of characters that reads the same backward as forward, such as madam or racecar).
	The minimum length (enforced) must be at least 8 characters (this requirement cannot be disabled except by disabling password complexity entirely).
	The password should contain at least one upper case alphabetic character (enabled or disabled separately).
	The password must contain at least one numeric character (enabled/disabled separately).
	The password should contain at least one special character (e.g., #,$,%) (enabled/disabled separately).
	The password cannot contain your username.
	Complexity requirements will apply when a user next tries to update their password.
	An Administrator can force the expiry of a user's password by running the ogcli command: passwd --expire {username} to force a user to change their password.
	The operations ogadduser, ogpasswd and ogsshaddsshkey have been removed. You should instead use ogcli for these operations.