Great job, thanks! I've tested it, everything is fine.
-James Liao On 9/23/05, Ate Douma <[EMAIL PROTECTED]> wrote: > > All, > > I've just uploaded a new version of the online documentation at: > http://portals.apache.org/jetspeed-2/ > which includes new documentation related to the changes I committed to the > login and password credential > handling. > > The related issues are: > http://issues.apache.org/jira/browse/JS2-359 > http://issues.apache.org/jira/browse/JS2-371 > http://issues.apache.org/jira/browse/JS2-372 > > The new documentation for these changes can be found here: > > http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/credentials.html > and here: > > http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/config.html#security-spi-atn_xml > > With the JS2-372 changes, the default login and password security > configuration has been much simplified. > The rather strict default security rules are now replaced with the > following: > - passwords only need to be non-empty > - passwords are still MessageDigest encoded > - password expiration functionality is no longer configured > - password history is no longer maintained > - authentication failures no longer lead to a disabled password credential > - only for the admin user change of the password is required on first > login > > It is still possible to "restore" the old rules though, and in the new > documentation an example is given > how to do that. > > These new default security rules should make it much easier for new users > to try out Jetspeed-2. > For production usage though, a heavier configuration most likely will be > required. > But, with the new interceptors (see JS2-359), this should be much easier > to configure. > > Regards, > > Ate > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
