Developer Documentation Library > Interviewer - Server Admin > UNICOM Intelligence Interviewer - Server Admin architecture > Security > Password hashing and authentication > Customizing the password error message
 
Customizing the password error message
You can change the message that displays when an incorrect password is entered.
1 Open fmroot\shared\Config\PasswordMessages.mdd with the MDM Explorer application.
2 Select Fields and then select the appropriate message field.
3 Select the Language tab and modify the message text content.
Notes
For new installations, the SHA-2 hash function algorithm is used regardless of whether or not Configure for FIPS 140-2 Compliance is enabled; for upgrade installations, the following rules apply:
If FIPS 140-2 is enabled
All existing user information from the previous version is upgraded in the following steps:
1 The original, encrypted user passwords are archived to a setup log file.
2 New user passwords are randomly assigned, and then saved to a setup log file:
C:\Program Files\Common Files\IBM\SPSS\DataCollection\7\Installer\NewPassword.log
3 The MustChangePasswordAtNextLogin setting is enabled, which forces users to change their passwords at next login.
When upgrading on a server that is not FIPS 140-2 enabled
You are presented with the option to reset user passwords:
If you reset user passwords, the SHA-2 hash function algorithm is employed.
If you do not reset user passwords, the server continues to use the MD5 hash function algorithm.
Keep the following points in mind when modifying an existing installation:
When changing Configure for FIPS 140-2 Compliance from enabled to disabled
The SHA-2 hash function algorithm will continue to be employed.
When changing Configure for FIPS 140-2 Compliance from disabled to enabled
The parameters outlined in the first bullet point are employed.
Refer to the National Institute of Standards and Technology website for more information regarding FIPS 140-2 compliance.
http://csrc.nist.gov/groups/STM/cmvp/standards.html#02
See also
Password hashing and authentication