Once an administrator has added a new user's email address to the system, the user can choose a password and login securely using that password. The core authentication system stores a representation of each user's credentials in the LabKey database. Specifically, it stores a one-way hash of a salted version of the user-selected password (which increases security) and compares the hashed password with the hash stored in the core.Logins table. Administrators can configure requirements for the password strength and the password expiration period.

To configure database authentication and the associated user password rules, go to:

  • To manage database authentication, select (Admin) > Site > Admin Console.
  • Click the Admin Console Links tab.
  • Under Configuration, click Authentication.
  • Next to Database, click Configure.
  • Select a Password Strength. Options: Weak, Strong.
  • Choose a password expiration policy if desired.
  • Click Save.

For details on password configuration options see:

Note: these password configuration options only apply to user accounts authenticated against the LabKey authentication database. The configuration settings chosen here do not effect the configuration of external authentication systems, such as LDAP and CAS single sign on.


expand all collapse all