Hi Harsha,

On Mon, Jun 20, 2016 at 11:27 AM, Harsha Thirimanna <[email protected]> wrote:

> Hi Isura,
>
> I have one concern, please read the inline comments.
>
> On Mon, Jun 20, 2016 at 10:52 AM, Isura Karunaratne <[email protected]> wrote:
>
>> Hi all,
>>
>> I am working on $subject for the WSO2 Identity Server 5.3.0 release. Following are the currently identified improvements:
>>
>> - Password History
>>
>>   The last 'n' passwords need to be maintained in the user's history. When the user updates his password we don't allow him to choose one of these 'n' passwords again.
>>
>> - Periodic Password Reset
>>
>>   Force the user to periodically (configurable period) reset his password. When doing this we need to leverage the password history feature as well.
>>
>> CREATE TABLE IF NOT EXISTS idn_password_history_data
>> (
>>     user_name    VARCHAR(255) NOT NULL,
>>     user_domain  VARCHAR(255) NOT NULL,
>>     tenant_id    INTEGER DEFAULT -1,
>>     hash         VARCHAR(255) NOT NULL,
>>     time_created TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
>>     PRIMARY KEY (user_name, user_domain, tenant_id, hash)
>> )
>>
>> All the passwords which are supposed to be stored in this table are old passwords (expired).
>>
>> - I think we don't need to use the same password hashing algorithm (with or without salted value) which is defined in user-mgt.xml for password history validation.
>> - Admin users can change other users' passwords without giving their old passwords. In that case, how can we find the old password hash value to store for password history validation?
>
> Do we allow the admin user to change a user's password? Is that correct practice?

I think this is a valid use case when the user forgets the password, which allows the admin to first reset the password with some random value. Subsequently the user can alter the password after the first login.

>>
>> Your comments and suggestions are highly appreciated.
>>
>> Thanks
>> Isura.
>>
>> Isura Dilhara Karunaratne
>> Senior Software Engineer
>> Mob +94 772 254 810
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
Kasun Bandara
Software Engineer
Mobile : +94 (0) 718 338 360
[email protected]
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
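The thread above sketches a password-history table and raises two design questions: whether the history hash must match the user-store algorithm from user-mgt.xml, and what to store when an admin resets a password without knowing the old one. The following is an added example, written for this page and not WSO2 Identity Server code, of one way to implement both the history check and the periodic reset on top of that table. It assumes a per-row `salt` column added to the proposed schema, PBKDF2-SHA256 as the history hash (independent of whatever the user store uses for login), and an in-memory SQLite database standing in for the real one. The admin-reset question is handled by recording the hash of every password at the moment it is set, so the old plaintext is never needed. The scenario in `demo()` is constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3
from datetime import datetime, timedelta, timezone

# Schema modelled on the thread's proposal, with a per-row salt column added
# (an assumption of this example) and no DEFAULT on time_created so the
# example can pass explicit timestamps.
SCHEMA = """
CREATE TABLE IF NOT EXISTS idn_password_history_data (
    user_name    VARCHAR(255) NOT NULL,
    user_domain  VARCHAR(255) NOT NULL,
    tenant_id    INTEGER      DEFAULT -1,
    salt         VARCHAR(64)  NOT NULL,
    hash         VARCHAR(255) NOT NULL,
    time_created TIMESTAMP    NOT NULL,
    PRIMARY KEY (user_name, user_domain, tenant_id, hash)
)
"""

PBKDF2_ITERATIONS = 100_000  # assumption; tune to the deployment's hardware


def _derive(password: str, salt: bytes) -> str:
    """History hash: PBKDF2-SHA256, chosen here independently of the
    login hash configured in user-mgt.xml."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS).hex()


class PasswordHistory:
    """Keeps the newest `history_size` password hashes per
    (user_name, user_domain, tenant_id) and enforces no-reuse and
    periodic reset."""

    def __init__(self, history_size=5, max_age=timedelta(days=90), conn=None):
        self.history_size = history_size
        self.max_age = max_age
        self.conn = conn or sqlite3.connect(":memory:")
        self.conn.execute(SCHEMA)

    def _rows(self, user, domain, tenant):
        # ISO-8601 UTC strings sort correctly as text, newest first
        return self.conn.execute(
            "SELECT salt, hash, time_created FROM idn_password_history_data "
            "WHERE user_name=? AND user_domain=? AND tenant_id=? "
            "ORDER BY time_created DESC", (user, domain, tenant)).fetchall()

    def is_reused(self, user, domain, tenant, candidate) -> bool:
        """True if `candidate` matches any password still in the history."""
        for salt_hex, stored, _ in self._rows(user, domain, tenant):
            if hmac.compare_digest(_derive(candidate, bytes.fromhex(salt_hex)), stored):
                return True
        return False

    def record(self, user, domain, tenant, new_password, now=None):
        """Record a newly *set* password. Self-service changes and admin
        resets both go through here: only the new password is needed."""
        now = now or datetime.now(timezone.utc)
        salt = os.urandom(16)
        self.conn.execute(
            "INSERT INTO idn_password_history_data VALUES (?,?,?,?,?,?)",
            (user, domain, tenant, salt.hex(), _derive(new_password, salt),
             now.isoformat()))
        # Trim anything older than the newest history_size entries
        for _, stored, _ in self._rows(user, domain, tenant)[self.history_size:]:
            self.conn.execute(
                "DELETE FROM idn_password_history_data WHERE user_name=? "
                "AND user_domain=? AND tenant_id=? AND hash=?",
                (user, domain, tenant, stored))
        self.conn.commit()

    def change_password(self, user, domain, tenant, new_password, now=None) -> bool:
        """Self-service change: reject reuse, otherwise record the new one."""
        if self.is_reused(user, domain, tenant, new_password):
            return False
        self.record(user, domain, tenant, new_password, now)
        return True

    def reset_required(self, user, domain, tenant, now=None) -> bool:
        """Periodic reset: the newest history row doubles as 'last set' time."""
        now = now or datetime.now(timezone.utc)
        rows = self._rows(user, domain, tenant)
        if not rows:
            return True  # nothing recorded: force a reset
        return now - datetime.fromisoformat(rows[0][2]) > self.max_age


def demo():
    """Constructed scenario: an admin reset followed by user-driven changes."""
    t0 = datetime(2016, 6, 20, 10, 0, tzinfo=timezone.utc)
    hist = PasswordHistory(history_size=2, max_age=timedelta(days=90))
    user = ("isura", "PRIMARY", -1)
    hist.record(*user, "Temp-1234", now=t0)  # admin reset, old password unknown
    results = {
        "reuse_temp_rejected": not hist.change_password(*user, "Temp-1234", now=t0 + timedelta(hours=1)),
        "second_accepted": hist.change_password(*user, "Second-5678", now=t0 + timedelta(hours=2)),
        "third_accepted": hist.change_password(*user, "Third-9012", now=t0 + timedelta(hours=3)),
    }
    results["temp_aged_out"] = not hist.is_reused(*user, "Temp-1234")
    results["second_still_blocked"] = hist.is_reused(*user, "Second-5678")
    results["reset_at_10d"] = hist.reset_required(*user, now=t0 + timedelta(days=10))
    results["reset_at_100d"] = hist.reset_required(*user, now=t0 + timedelta(days=100))
    return results


if __name__ == "__main__":
    print(demo())
```

Because each history row carries its own salt, the same password set twice (for instance two admin resets to the same temporary value) produces different `hash` values and never collides on the primary key; the reuse check compares by re-deriving the candidate against each stored salt rather than by looking up a hash, which is also why the history algorithm can differ from the login algorithm.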
