Re: [xwiki-users] Configuration to enforce specific password policy in xwiki?

2012-02-16 Thread mohit gupta
I have done the changes regarding point 1 (replacing the default regex
with my regex), but regarding other points like 2 and 3, I think changes may
be required in the data store too, like a column for

1) which date the last password got changed
2) a column having the history of the last 15 pwd
3) a column indicating the count of how many times a wrong pwd is entered

This is how it is done in a typical web application. But for now I don't want
to introduce any data store changes. One reason is we have to upgrade to
the latest wiki version with new release.

On Wed, Feb 15, 2012 at 4:48 PM, Edo Beutler ebeut...@synventis.com wrote:

 Hi Mohit

 Whilst, AFAIK, not possible by default it should not be too hard to
 write your own password change script or (better since testable) Java
 component.
 1) Submit your password change form to your page where you can check
 all your specifications.
 Counting the failed logins is probably something you should do in your
 authentication method.
 2) Belongs also to the authentication: if last change 30 days show
 your password change form
 3) Create a class with a password(! - of course not plain text) field
 and on each password change you add also an object of this class to
 the user page. Then when changing a new password just check if there
 is an object with a password matching the new one.
 4) maybe add a field 'locked' to the user class ... or just use the
 field 'active' and set locked users to inactive

 At least that's how I would approach it
 Edo


 On Wed, Feb 15, 2012 at 11:43 AM, mohit gupta motgu...@gmail.com wrote:
  Hi,
 
  I want to apply a specific set of rules to the password policy in xwiki so
  that any new user/existing user (in case he wants to change the
  existing password)
  adheres to this policy. Some of the rules are:
 
  1) Password should have the following characteristics
   A minimum password length of fourteen (12) characters
   Contain at least one alpha character (a-z, A-Z).
   Contain at least one Upper Case Alpha character (A-Z).
   Contain at least one numeric character (0-9).
   Contain at least one “special” character, such as the following: ~ ` ! @ # $ % ’
   The maximum number of failed login attempts shall be set to 3.
  2) Passwords are required to be changed every 30 days
  3) A password history of the last 13 passwords must be maintained so that the new
  password is not among the last 13 passwords
  4) Where any user account has been locked out, admin should be subject to
  reset the password
 
  My first question is about point 1. I can see one way to modify the
  registration password matching regex at
  http://wikiURL/myWiki/bin/edit/XWiki/Registration?editor=wiki
  so that I can change the default policy from 6 characters to a customized policy
  as per point 1. Is there any other way to do this from the user interface?
 
  Second point is I don't see any configuration setting to fulfil
  requirements 2, 3 and 4. Does xwiki support this kind of configuration too?
  ___
  users mailing list
  users@xwiki.org
  http://lists.xwiki.org/mailman/listinfo/users


[xwiki-users] Configuration to enforce specific password policy in xwiki?

2012-02-15 Thread mohit gupta
Hi,

I want to apply a specific set of rules to the password policy in xwiki so
that any new user/existing user (in case he wants to change the
existing password)
adheres to this policy. Some of the rules are:

1) Password should have the following characteristics
 A minimum password length of fourteen (12) characters
 Contain at least one alpha character (a-z, A-Z).
 Contain at least one Upper Case Alpha character (A-Z).
 Contain at least one numeric character (0-9).
 Contain at least one “special” character, such as the following: ~ ` ! @ # $ % ’
 The maximum number of failed login attempts shall be set to 3.
2) Passwords are required to be changed every 30 days
3) A password history of the last 13 passwords must be maintained so that the new
password is not among the last 13 passwords
4) Where any user account has been locked out, admin should be subject to
reset the password

My first question is about point 1. I can see one way to modify the
registration password matching regex at
http://wikiURL/myWiki/bin/edit/XWiki/Registration?editor=wiki
so that I can change the default policy from 6 characters to a customized policy
as per point 1. Is there any other way to do this from the user interface?

Second point is I don't see any configuration setting to fulfil
requirements 2, 3 and 4. Does xwiki support this kind of configuration too?


Re: [xwiki-users] Configuration to enforce specific password policy in xwiki?

2012-02-15 Thread Edo Beutler
Hi Mohit

Whilst, AFAIK, not possible by default it should not be too hard to
write your own password change script or (better since testable) Java
component.
1) Submit your password change form to your page where you can check
all your specifications.
Counting the failed logins is probably something you should do in your
authentication method.
2) Belongs also to the authentication: if last change 30 days show
your password change form
3) Create a class with a password(! - of course not plain text) field
and on each password change you add also an object of this class to
the user page. Then when changing a new password just check if there
is an object with a password matching the new one.
4) maybe add a field 'locked' to the user class ... or just use the
field 'active' and set locked users to inactive

At least that's how I would approach it
Edo


On Wed, Feb 15, 2012 at 11:43 AM, mohit gupta motgu...@gmail.com wrote:
 Hi,

 I want to apply a specific set of rules to the password policy in xwiki so
 that any new user/existing user (in case he wants to change the
 existing password)
 adheres to this policy. Some of the rules are:

 1) Password should have the following characteristics
  A minimum password length of fourteen (12) characters
  Contain at least one alpha character (a-z, A-Z).
  Contain at least one Upper Case Alpha character (A-Z).
  Contain at least one numeric character (0-9).
  Contain at least one “special” character, such as the following: ~ ` ! @ # $ % ’
  The maximum number of failed login attempts shall be set to 3.
 2) Passwords are required to be changed every 30 days
 3) A password history of the last 13 passwords must be maintained so that the new
 password is not among the last 13 passwords
 4) Where any user account has been locked out, admin should be subject to
 reset the password

 My first question is about point 1. I can see one way to modify the
 registration password matching regex at
 http://wikiURL/myWiki/bin/edit/XWiki/Registration?editor=wiki
 so that I can change the default policy from 6 characters to a customized policy
 as per point 1. Is there any other way to do this from the user interface?

 Second point is I don't see any configuration setting to fulfil
 requirements 2, 3 and 4. Does xwiki support this kind of configuration too?
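
The rules from the original post combined with the approach outlined in the reply (hashed history entries, an expiry check at login, a lock flag), as an added sketch that is not part of the thread and does not use XWiki's API. The `Account` class, the PBKDF2 storage and the return strings are assumptions of this example, and the minimum length is taken as 12 because the post gives both "fourteen" and 12.

```python
import hashlib, hmac, os, re
from datetime import datetime, timedelta

MIN_LENGTH, HISTORY_SIZE, MAX_FAILURES = 12, 13, 3  # 12 is an assumption (see above)
MAX_AGE = timedelta(days=30)
# One lookahead per rule in point 1; [A-Z] also covers "at least one alpha".
# Assumption: only the characters listed in the post count as "special".
COMPLEXITY = re.compile(r"(?=.*[A-Z])(?=.*[0-9])(?=.*[~`!@#$%'’]).{" + str(MIN_LENGTH) + ",}")

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password, now):
        self.history, self.failures, self.locked = [], 0, False
        self._store(password, now)

    def _store(self, password, now):
        salt = os.urandom(16)  # per-entry salt; only (salt, hash) pairs are kept
        self.history = (self.history + [(salt, _hash(password, salt))])[-HISTORY_SIZE:]
        self.changed_at = now

    def _matches(self, password, entry):
        # Salted hashes differ per entry: re-hash the candidate with each stored salt.
        salt, digest = entry
        return hmac.compare_digest(_hash(password, salt), digest)

    def change_password(self, new, now):
        if not COMPLEXITY.fullmatch(new):
            return "rejected: complexity"
        if any(self._matches(new, e) for e in self.history):
            return "rejected: reused"
        self._store(new, now)
        return "ok"

    def login(self, password, now):
        if self.locked:
            return "locked"
        if not self._matches(password, self.history[-1]):
            self.failures += 1
            self.locked = self.failures >= MAX_FAILURES
            return "locked" if self.locked else "denied"
        self.failures = 0
        return "must_change" if now - self.changed_at > MAX_AGE else "ok"

    def admin_reset(self, new, now):  # point 4: only an admin reset clears the lock
        result = self.change_password(new, now)
        if result == "ok":
            self.locked, self.failures = False, 0
        return result
```

The history list holds the current password as its newest entry, so the reuse check covers the current password plus the twelve before it.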