David Sean Taylor wrote:
Ate Douma wrote:

I've the requirement to implement an enhanced security model for J2 concerning password validation.
I must meet the following requirements:
1) storing password encoded (Base64 will do for now)
2) requiring a minimum length and a minimum number of numeric characters in a password
3) keeping a history (queue) of previously used passwords (10) and preventing a user from reusing one from this queue
4) automatically expire password after a certain time (60 days)
5) warning a user that their password is going to expire (configurable time before, 10 days)
6) locking a user out when the current password is expired
7) forcing a user to change a password on first use
8) three strikes out: disable a password after three (or another number of) failures to authenticate, reset check after success


9) Furthermore, I must implement enable/disable of principals (users,groups,roles).

+1 on the overall proposal.
That's a lot of features, quite a few more than in Jetspeed-1.
Will these features be applied system wide, or per user, per group...?
Just system wide for now.
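
The following is an added example, not part of the thread and not Jetspeed code: a stand-alone Python sketch of how requirements 2 to 8 interact as one system-wide policy. All names are hypothetical, the minimum length and digit count are constructed values (the thread gives none), and history entries are kept as salted PBKDF2 hashes, which is this example's assumption and not the Base64 encoding mentioned in item 1.

```python
import hashlib, hmac, os
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# System-wide policy. 10 / 3 / 60 / 10 come from the list above; the rest is constructed.
MIN_LENGTH, MIN_DIGITS = 8, 1
HISTORY_SIZE, MAX_FAILURES = 10, 3
MAX_AGE, WARN_BEFORE = timedelta(days=60), timedelta(days=10)

def _digest(password, salt):
    # Assumption of this example: salted PBKDF2 instead of an encoding.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Credential:
    # Queue of (salt, hash); the last entry is the current password.
    history: deque = field(default_factory=lambda: deque(maxlen=HISTORY_SIZE))
    changed_at: datetime = None
    must_change: bool = True   # item 7: forced change on first use
    failures: int = 0
    enabled: bool = True

    def _matches(self, password, entry):
        return hmac.compare_digest(_digest(password, entry[0]), entry[1])

    def set_password(self, password, now, by_user=True):
        if len(password) < MIN_LENGTH or sum(c.isdigit() for c in password) < MIN_DIGITS:
            return "too_weak"                      # item 2
        if any(self._matches(password, e) for e in self.history):
            return "reused"                        # item 3
        salt = os.urandom(16)
        self.history.append((salt, _digest(password, salt)))
        self.changed_at, self.must_change, self.failures = now, not by_user, 0
        return "ok"

    def authenticate(self, password, now):
        if not self.enabled or not self.history:
            return "disabled"
        if not self._matches(password, self.history[-1]):
            self.failures += 1                     # item 8: three strikes
            self.enabled = self.failures < MAX_FAILURES
            return "failed"
        self.failures = 0                          # reset the check after success
        age = now - self.changed_at
        if age >= MAX_AGE:
            return "expired"                       # items 4 and 6
        if self.must_change:
            return "must_change"
        return "expiring_soon" if age >= MAX_AGE - WARN_BEFORE else "ok"  # item 5
```

A password set with `by_user=False` (for example by an administrator) keeps `must_change` set, so the first successful login returns `"must_change"` until the user picks a new one.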