Understanding the password policy for Subversion authentication

Applies to: VisualSVN Server 5.0 and later

When using the Subversion authentication mode in VisualSVN Server, it is recommended to use a strong password policy. This article describes the available settings for enforcing such a password policy.

Managing the password policy

You can use VisualSVN Server Manager or PowerShell to view or change the current password policy for the Subversion authentication mode.

Note
Changing the password policy does not affect existing passwords. Only new passwords will need to meet the new policy requirements.

A password policy consists of two settings:

  • Minimum password length,
  • Require complex passwords.

Minimum password length

The Minimum password length option specifies the minimum number of characters that must be in a password. It can be set to any number greater than zero. The default minimum password length is 8.

Require complex passwords

When the Require complex passwords option is enabled, passwords must contain characters from at least three of the following categories:

  • Uppercase letters (A through Z).
  • Lowercase letters (a through z).
  • Digits (0 through 9).
  • Special characters (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/).

Note
Passwords in VisualSVN Server can only contain ASCII characters. This prevents errors that can occur during basic HTTP authentication, where the encoding of non-ASCII characters varies between different clients.

Managing the password policy in VisualSVN Server Manager

To view or change the password policy, do the following:

  1. Start the VisualSVN Server Manager console.
  2. In the left-hand pane, select the topmost VisualSVN Server node.
  3. In the top menu bar, click Action | Properties.
  4. Click the Authentication tab.
  5. In the Password policy section, view or edit the policy’s settings. This section is available only if the Authentication mode above in this tab is set to Subversion authentication.
  6. Click Apply for the changes to take effect.

Managing the password policy in PowerShell

Alternatively, you can view and adjust the password policy by running the following PowerShell cmdlets on the server.

  • To view the current password policy, display the server configuration with the Get-SvnServerConfiguration cmdlet and look at its PasswordPolicyComplexity and PasswordPolicyMinLength properties:

    Get-SvnServerConfiguration | Format-List PasswordPolicyComplexity, PasswordPolicyMinLength

    The PasswordPolicyComplexity property corresponds to the Require complex passwords setting described above.

  • To modify the minimum permitted password length or to require complex passwords, use the Set-SvnServerConfiguration cmdlet, specifying one or both of these policy-related properties as parameters, each followed by its desired value:

    Set-SvnServerConfiguration -PasswordPolicyMinLength 10 -PasswordPolicyComplexity $True

How the password policy is enforced

The configured password policy will be enforced at any attempt to change a user password in the Subversion authentication mode.

Password policy enforcement for users in the web interface

When users are given the option to change their own passwords in the web interface, a user can change the password only to one that meets the current requirements of the password policy. If the new password does not comply, the password change is rejected and an error message is displayed:

The password does not meet the length or complexity requirements.

Users cannot circumvent the policy.

Tip
To give users the option to change their own passwords in the web interface, see the section titled Allow users to change their passwords in web interface in KB181. This setting is available only for the Subversion authentication mode.

Password policy enforcement in VisualSVN Server Manager

The password policy is also enforced when the server administrator sets a user password in the VisualSVN Server Manager console. If the password does not meet the password policy requirements, a warning will pop up:

The password does not meet the length or complexity requirements.

When warned, the administrator can either:

  • Forcibly set this non-compliant password anyway by choosing 'Proceed with setting this password'.
  • Or backtrack and enter a different password by choosing 'Cancel and use another password'.

Password policy enforcement in PowerShell

The password policy is also enforced when the server administrator sets a user password in PowerShell, be it for an existing user (with the Set-SvnLocalUser cmdlet) or for a new user (with the New-SvnLocalUser cmdlet).

Similarly, if the password is non-compliant with the password policy, the command will be rejected with an error:

The password does not meet the length or complexity requirements.

You can repeat the command with the -Force parameter at the end, to set this password anyway.
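
The following is an added example, not part of VisualSVN's documentation or code: a local pre-check that mirrors the length, complexity and ASCII rules described above, so a provisioning script can reject a candidate password before calling the cmdlets instead of falling back to -Force. The function name Test-SvnPasswordPolicy, its parameters and the sample passwords are assumptions made for this example; the server's own check remains authoritative.

```powershell
# Added example: local approximation of the documented rules, not VisualSVN's own check.
function Test-SvnPasswordPolicy {          # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$Password,
        [ValidateRange(1, 2147483647)][int]$MinLength = 8,   # documented default
        [bool]$RequireComplexity = $false
    )
    # Special characters exactly as listed in the article (in single quotes, '' is one quote).
    $specials = '~!@#$%^&*_-+=`|\(){}[]:;"''<>,.?/'
    $upper = $lower = $digit = $special = $nonAscii = $false
    foreach ($c in $Password.ToCharArray()) {
        $code = [int]$c
        if     ($code -gt 127)                    { $nonAscii = $true }
        elseif ($code -ge 65 -and $code -le 90)   { $upper    = $true }
        elseif ($code -ge 97 -and $code -le 122)  { $lower    = $true }
        elseif ($code -ge 48 -and $code -le 57)   { $digit    = $true }
        elseif ($specials.IndexOf($c) -ge 0)      { $special  = $true }
        # Assumption: any other ASCII character (e.g. a space) counts toward no category.
    }
    $categories = @($upper, $lower, $digit, $special | Where-Object { $_ }).Count
    $reasons = @()
    if ($nonAscii)                        { $reasons += 'non-ASCII character present' }
    if ($Password.Length -lt $MinLength)  { $reasons += "shorter than $MinLength characters" }
    if ($RequireComplexity -and $categories -lt 3) {
        $reasons += "only $categories of 4 character categories used (3 required)"
    }
    [pscustomobject]@{
        Compliant  = ($reasons.Count -eq 0)
        Length     = $Password.Length
        Categories = $categories
        Reasons    = $reasons -join '; '
    }
}

# Policy values taken from the Set-SvnServerConfiguration example in this article.
# On the server they could instead be read from Get-SvnServerConfiguration
# (PasswordPolicyMinLength, PasswordPolicyComplexity).
$policy = @{ MinLength = 10; RequireComplexity = $true }

# Constructed sample candidates: lowercase only, too short, non-ASCII, compliant.
$candidates = 'correcthorsebattery', 'Ab1!', "P$([char]0xE4)sswort-12345", 'Build-Agent-07'
$candidates | ForEach-Object {
    Test-SvnPasswordPolicy -Password $_ @policy
} | Format-Table -AutoSize
```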

See also

KB181: Understanding Subversion authentication mode settings
KB165: Using VisualSVN Server PowerShell module
