Hi all,
I am working on $subject for the WSO2 Identity Server 5.3.0 release. Following
are the currently identified improvements:
- Password History -
The last 'n' passwords need to be maintained in the user's history. When a
user updates his password, we don't allow him to choose one of these 'n'
passwords again.
- Periodic Password Reset -
Force the user to periodically (configurable period) reset his password.
When doing this we need to leverage the password history feature as well.
CREATE TABLE IF NOT EXISTS idn_password_history_data
(
    user_name VARCHAR(255) NOT NULL,
    user_domain VARCHAR(255) NOT NULL,
    tenant_id INTEGER DEFAULT -1,
    hash VARCHAR(255) NOT NULL,
    time_created TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    PRIMARY KEY (user_name, user_domain, tenant_id, hash)
)
All the passwords which are supposed to be stored in this table are old
passwords (expired).
- I think we don't need to use the same password hashing algorithm (with
or without salted value) which is defined in user-mgt.xml for password history
validation.
- Admin users can change other users' passwords without giving their old
passwords. In that case, how can we find the old password hash value to
store for password history validation?
Your comments and suggestions are highly appreciated.
Thanks
Isura.
Isura Dilhara Karunaratne
Senior Software Engineer
Mob +94 772 254 810
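
An added example, not part of the original message and not WSO2 code: a sketch of the password-history check against the proposed idn_password_history_data table. It assumes each hash is recorded when the password is set (so an admin reset needs no old password, and the 'n' rows include the current password), PBKDF2-SHA256 with a per-row salt stored as "salt$digest" in the hash column, and SQLite as a stand-in database; the function names are hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # assumed work factor for the example; tune for production
TABLE = "idn_password_history_data"  # table name from the proposal above
WHO = "user_name=? AND user_domain=? AND tenant_id=?"

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(f"""CREATE TABLE IF NOT EXISTS {TABLE} (
        user_name VARCHAR(255) NOT NULL, user_domain VARCHAR(255) NOT NULL,
        tenant_id INTEGER DEFAULT -1, hash VARCHAR(255) NOT NULL,
        time_created TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
        PRIMARY KEY (user_name, user_domain, tenant_id, hash))""")
    return db

def digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def is_reused(db, user, password, n):
    """True if password matches one of the user's newest n history rows."""
    # rowid (SQLite-specific) orders rows; time_created has 1 s resolution.
    rows = db.execute(f"SELECT hash FROM {TABLE} WHERE {WHO} "
                      "ORDER BY rowid DESC LIMIT ?", (*user, n)).fetchall()
    reused = False
    for (stored,) in rows:
        salt_hex, digest_hex = stored.split("$")
        candidate = digest(password, bytes.fromhex(salt_hex))
        # constant-time compare; no early exit, so timing hides the match position
        reused |= hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    return reused

def set_password(db, user, password, n):
    """Record a new password at set time; False if it is among the last n."""
    if is_reused(db, user, password, n):
        return False
    salt = os.urandom(16)  # fresh salt per row, kept in the hash column
    db.execute(f"INSERT INTO {TABLE} (user_name, user_domain, tenant_id, hash) "
               "VALUES (?,?,?,?)", (*user, f"{salt.hex()}${digest(password, salt).hex()}"))
    # prune everything older than the newest n rows for this user
    db.execute(f"DELETE FROM {TABLE} WHERE {WHO} AND rowid NOT IN "
               f"(SELECT rowid FROM {TABLE} WHERE {WHO} ORDER BY rowid DESC LIMIT ?)",
               (*user, *user, n))
    return True
```

Because every row carries its own salt, the reuse check has to re-hash the candidate once per stored row; it cannot be done as a single equality lookup on the hash column.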