16 Feb
2012
16 Feb
'12
12:11 p.m.
i have done the changes th regarding point 1(replacing the default regex
with my regex) but regarding other points like 2 and 3, i think changes may
be required in data store too like column for
1) which date ,the last password got changed
2)column having history of last 15 pwd
3)column indiacting the count how many time wrong pwd is entered
This is how it is done in typical web application.But for now i dont want
to introduce any data store changes. One reason is we have to upgrade to
latest wiki version with new release.
On Wed, Feb 15, 2012 at 4:48 PM, Edo Beutler <ebeutler(a)synventis.com> wrote:
Hi Mohit
Whilst, AFAIK, not possible by default it should not be to hard to
write your own password change script or (better since testable) Java
component.
1) Submit your password change form to your page where you can check
all your specifications.
Counting the failed logins is probably something you should do in your
authentication method.
2) Belongs also to the authentication: if last change >30 days show
your password change form
3) Create a class with a password(! - of course not plain text) field
and on each password change you add also an object of this class to
the user page. Then when changing a new password just check if there
is an object with a password matching the new one.
4) maybe add a field 'locked' to the user class ... or just use the
field 'active' and set locked users to inactive
At least that's how I would approach it
Edo
On Wed, Feb 15, 2012 at 11:43 AM, mohit gupta <motgupta(a)gmail.com> wrote:
Hi,
I want to apply a specicific set of rules to password policy in xwiki so
that that if any new user/existing user(in case he want to change the
existing password)
adhere to this policy. Some of the rules are like :-
1)Password should have following charectics
A minimum password length of fourteen (12) characters
Contain at least one alpha characters (a-z, A-Z).
Contain at least one Upper Case Alpha character (A-Z).
Contain at least one numeric character (0-9).
Contain at least one “special” character, such as the following:~ ` !
@ #
$ % ’
The maximum number of failed login attempts shall be set to 3.
2)Passwords are required to be changed every 30 days
3)A password history of last 13 passwords must be maintained so that new
password is not among last 13 passwords
4)Where any user account has been locked out, admin should be subject to
reset the password
My first question is about point 1 . I can see one way to modify
registration password matching regex at
http://wikiURL/myWiki/bin/edit/XWiki/Registration?editor=wiki
so that i can change default policy from 6 character to customized policy
as per point 1. Is there any other way to from user interface ?
Second point is i don't see any configuration setting to fulfil the
requirements 2,3 and 4. Does xwiki support this kind of configuration
too?
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users