I've just committed another JS2-151 feature: 3) keeping a history (queue) of previously used passwords and preventing a user from reusing one from this queue (with a configurable queue size).
Implementation class: org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialHistoryHandlingInterceptor
I've configured a default test history of 3, meaning a new password has to be different from the last three, but only when set through the Change Password Portlet.
If the User Management Portlet is used to set a new password, the value isn't checked against the history (although history is maintained). This is to allow an administrator to set a new password (for example when a user expired their own password by failing to use the correct password three times in a row), even if that password was used before in the saved history (like a 'default' password which must be changed on first use).
Regards, Ate
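The behaviour described in the message above, as an added example that is not Jetspeed's code and not taken from the commit: a bounded password history that is enforced on a user-initiated change and skipped, but still recorded, on an administrative set. The class and method names are hypothetical, the passwords are constructed sample values, and keeping history entries as salted PBKDF2 hashes is an assumption of this sketch, since the message does not say how entries are stored.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayDeque;
import java.util.Deque;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration: hypothetical class, not the Jetspeed interceptor.
public class PasswordHistoryDemo {
    private static final class Entry {
        final byte[] salt, hash;
        Entry(byte[] salt, byte[] hash) { this.salt = salt; this.hash = hash; }
    }
    private final int historySize;                      // configurable queue size
    private final Deque<Entry> history = new ArrayDeque<>();
    private final SecureRandom rng = new SecureRandom();
    PasswordHistoryDemo(int historySize) { this.historySize = historySize; }

    // Assumption: history holds salted PBKDF2 hashes, never plaintext.
    private static byte[] derive(char[] pw, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Each entry has its own salt, so the candidate is re-derived per entry.
    boolean isReused(char[] pw) throws Exception {
        boolean reused = false;
        for (Entry e : history)                         // no early exit on a match
            reused |= MessageDigest.isEqual(derive(pw, e.salt), e.hash);
        return reused;
    }

    // enforceHistory=true models the user change path, false the admin path.
    boolean setPassword(char[] pw, boolean enforceHistory) throws Exception {
        if (enforceHistory && isReused(pw)) return false;
        byte[] salt = new byte[16];
        rng.nextBytes(salt);
        history.addFirst(new Entry(salt, derive(pw, salt)));      // always recorded
        while (history.size() > historySize) history.removeLast(); // drop oldest
        return true;
    }

    public static void main(String[] args) throws Exception {
        PasswordHistoryDemo h = new PasswordHistoryDemo(3);
        for (String p : new String[] {"first-A1", "second-B2", "third-C3"})
            h.setPassword(p.toCharArray(), true);
        // User-initiated change to a password still in the history.
        System.out.println("user reuse:  " + h.setPassword("first-A1".toCharArray(), true));
        // Administrative set of the same value; history is still updated.
        System.out.println("admin reuse: " + h.setPassword("first-A1".toCharArray(), false));
    }
}
```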