Page History

...

Currently The integration points are at plugins those implement UserAuthenticator wile encoding a given password.

1. plugins/user-authenticators/sha256salted
2. plugins/user-authenticators/plaintext
3. plugins/user-authenticators/md5

...

<bean id="passwordChecker" class="org.apache.cloudstack.security.password.PasswordCheckerImpl">
         <property name="name" value="DEFAULTPASSWORDCHECKER"/>
        <!-- Comment any of the below sections you want modify if you are having requirements which are differing with default values -->
        <!-- property name="minLength" value="8"/ -->
        <!-- property name="maxLength" value="16"/ -->
        <!-- property name="passwordCheckerPropertiesFile" value="password-checker.properties"/ -->
</bean>

It has the following property file to change the password strength rules.

1. password-checker.properties
   The following is the format of the file where each rule will be added in a separate line.
   pattern,optional
   pattern - Pattern to support in the password character set. Eg: @!#$%
   optional - Whether this password rule set is optional or not while enforcing the password strength 

References

 (1)  http://ianduffy.ie/cloudstack/CreatingAPlugin.pdf