From f17c78f7778c1cbf09aa26d8ab497aba29a7a48b Mon Sep 17 00:00:00 2001
From: hardik-k-shah <46007821+hardik-k-shah@users.noreply.github.com>
Date: Mon, 8 Feb 2021 11:55:02 -0800
Subject: [PATCH] Sample configuration for password strength rules (#1020)

* Sample setup for password strength configuration for internal user.
---
 securityconfig/elasticsearch.yml.example | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/securityconfig/elasticsearch.yml.example b/securityconfig/elasticsearch.yml.example
index c49f79b55d..a3efbb2871 100644
--- a/securityconfig/elasticsearch.yml.example
+++ b/securityconfig/elasticsearch.yml.example
@@ -170,6 +170,17 @@ opendistro_security.audit.type: internal_elasticsearch
 # Use only in a private network/environment.
 #opendistro_security.allow_unsafe_democertificates: false
 
+
+
+# Password strength rules for password complexity.
+# If you want to set up password strength rules for internal users, you can use the below settings for it.
+# Password validation rules can be configured through regex. In the below regex example, a user must need
+# a password with minimum 8 characters length and must include minimum one uppercase, one lower case, one digit, and one special character. 
+# And a custom error message can be configured, in case if a password is not created according to the password strength rule.   
+# opendistro_security.restapi.password_validation_regex: '(?=.*[A-Z])(?=.*[^a-zA-Z\d])(?=.*[0-9])(?=.*[a-z]).{8,}'
+# opendistro_security.restapi.password_validation_error_message: "A password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character."
+
+
 ############## Expert settings ##############
 # WARNING: Expert settings, do only use if you know what you are doing
 # If you set wrong values here this this could be a security risk
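Review bot: The sample regex on the added `password_validation_regex` line is looser than the comment above it describes: `[^a-zA-Z\d]` accepts any character that is not an ASCII letter or digit, so a space or a non-ASCII letter satisfies the "special character" requirement. If that is intended, the comment should say so, for example `# "special character" means any character other than a-z, A-Z and 0-9, including spaces`; otherwise an explicit character class would match the error message more closely. The `restapi` prefix in the setting name suggests the rule is checked only when a password is set through the REST API, so a line such as `# Applies to passwords set through the REST API; hashes loaded directly from the security configuration files are presumably not validated (confirm)` would keep operators from assuming wider coverage. The two added comment lines ending in "special character." and "strength rule." also carry trailing whitespace.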