[
https://issues.apache.org/jira/browse/JS2-548?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ate Douma reassigned JS2-548:
-----------------------------
Assignee: Ate Douma
> Extending password policy to require alternate characters (eg 2 numbers along
> with 4 letters) will fail on auto-password generation for new user
> registration
> -------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: JS2-548
> URL: https://issues.apache.org/jira/browse/JS2-548
> Project: Jetspeed 2
> Issue Type: Bug
> Components: Security
> Affects Versions: 2.0-FINAL
> Environment: All environments
> Reporter: Brad Svee
> Assignee: Ate Douma
> Priority: Minor
> Fix For: 2.2.1
>
>
> The class org.apache.jetspeed.administration.AdminUtil in the Portal
> component has a generatePassword method that is used by the registration
> portlet to create an auto-generated password for new user registration.
> However that funtionality doesn't take into account any additional password
> policy requirements, for example requiring at least 2 numbers in addition to
> several letters, in this case, probability allows for a high success rate on
> succesfully generating proper passwords, but sometimes it will fail
> generating a password without any numbers. Additionally, the password policy
> to require a "funny" character #...@% will never allow a generated password
> to be created, because those characters are not in the password seed set.
> Eventually it would be nice to expose the password policy to the
> administration bean and generate new passwords with the password policy
> configuration in mind.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
