Interviewer - Server Admin > UNICOM Intelligence Interviewer - Server Admin architecture > Security > Password hashing and authentication > Customizing the password error message
 
Customizing the password error message
The message that displays when an incorrect password is entered can be customized by updating the PasswordMessages.mdd file (located at: fmroot\shared\Config\PasswordMessages.mdd).
1 Open fmroot\shared\Config\PasswordMessages.mdd with the MDM Explorer application.
2 Select Fields and then select the appropriate message field.
3 Select the Language tab and modify the message text content.
Notes
For new installations, the SHA-2 hash function algorithm is used regardless of whether or not Configure for FIPS 140-2 Compliance is enabled; for upgrade installations, the following rules apply:
If FIPS 140-2 is enabled
All existing user information from the previous version is upgraded in the following steps:
1 The original, encrypted user passwords are archived to a setup log file.
2 New user passwords are randomly assigned and saved to a setup log file. The log file is located at:
C:\Program Files\Common Files\IBM\SPSS\DataCollection\7\Installer\NewPassword.log
Administrators can supply users these new, temporary passwords in a manner that is in accordance with their business practices.
3 The MustChangePasswordAtNextLogin setting is enabled, which forces users to change their passwords at next login.
When upgrading on a server that is currently not configured for FIPS 140-2 compliance
You are presented with the option to reset user passwords:
If you choose to reset user passwords, the SHA-2 hash function algorithm is employed.
If you choose to not reset user passwords, the server will continue to use the MD5 hash function algorithm.
Keep the following points in mind when modifying an existing installation:
When changing Configure for FIPS 140-2 Compliance from enabled to disabled
The SHA-2 hash function algorithm will continue to be employed.
When changing Configure for FIPS 140-2 Compliance from disabled to enabled
The parameters outlined in the first bullet point are employed.
Refer to the National Institute of Standards and Technology website for more information regarding FIPS 140-2 compliance.
http://csrc.nist.gov/groups/STM/cmvp/standards.html#02
See also
Password hashing and authentication