[jira] [Comment Edited] (CASSANDRA-20207) User credential handling

[Stefan Miklosovic (Jira)]

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-20207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17913268#comment-17913268
 ] 

Stefan Miklosovic edited comment on CASSANDRA-20207 at 1/15/25 11:28 AM:
-------------------------------------------------------------------------

for 1) (maybe 5) there is CASSANDRA-19734

for 3) there is CEP-24 (will be in 5.1) (1)

All other points are solvable and it was the subject of discussion (2).

(1) https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=228494146
(2) https://lists.apache.org/thread/01bn3hkhqv7ojfw4x76dxoxsrhrfbwkg

Some parts of CEP-24 were not implemented, for now we just went with core 
password validation and generation logic. It is up to the community if we adopt 
more of that.

Please reach us at dev mailing list where we can go over this in more depth. 
JIRA is not a suitable vehicle to discuss these questions. 


was (Author: smiklosovic):
for 1) (maybe 5) there is CASSANDRA-19734

for 3) there is CEP-24 (will be in 5.1) (1)

All other points are solvable and it was the subject of discussion (2).

(1) https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=228494146
(2) https://lists.apache.org/thread/01bn3hkhqv7ojfw4x76dxoxsrhrfbwkg

Some parts of CEP-24 were not implemented, for now we just went with core 
password validation and generation logic. It is up to the community if we adopt 
more of that.

> User credential handling 
> -------------------------
>
>                 Key: CASSANDRA-20207
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-20207
>             Project: Apache Cassandra
>          Issue Type: Bug
>            Reporter: Sarthak
>            Priority: Normal
>
> # How an user account can be disabled (or locked out for a configurable time) 
> after a configurable number of consecutive unsuccessful login attempts
>  # How to configured password Expiration duration.
>  # How to force a user to use a strong password.
>  # When changing password, recently used passwords are rejected on all login 
> possibilities. Default value of password history shall be configurable. 
> Recommended password history: Last 3 passwords.
>  # It is logged if the maximum number of login attempts is exceeded.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org