Hi, On 1 October 2015 at 02:11, Thad Humphries <thad.humphr...@gmail.com> wrote:
> I set up an Archiva 2.2 server a while back, and thought I'd succeeded in > disabling the requirement to renew the password after so many days, not > allow reuse of the last X number of passwords, etc. Earlier this week I was > rudely surprised to find that I had to reset my password. How can I stop > this? > > I am running Archiva on port 8080, starting it with > > $ cd /opt/apache-archiva-2.2.0 > $ nohup bin/archiva console start & > > I created a ~/.m2/security.properties file based on the one at > http://archiva.apache.org/docs/2.2.0/adminguide/customising-security.html. > Mine is shown below. The two properties in bold I thought would disable > password expiration. > > # > http://archiva.apache.org/docs/2.2.0/adminguide/customising-security.html > # > > https://github.com/apache/archiva-redback-core/blob/master/redback-configuration/src/main/resources/org/apache/archiva/redback/config-defaults.properties > > # Security Policies > #security.policy.password.encoder= > > > *security.policy.password.previous.count=-1security.policy.password.expiration.enabled=false* > security.policy.password.expiration.days=180 > security.policy.password.expiration.notify.days=10 > security.policy.allowed.login.attempt=10 > > # Password Rules > security.policy.password.rule.alphanumeric.enabled=false > security.policy.password.rule.alphacount.enabled=true > security.policy.password.rule.alphacount.minimum=1 > security.policy.password.rule.characterlength.enabled=true > security.policy.password.rule.characterlength.minimum=1 > security.policy.password.rule.characterlength.maximum=8 > security.policy.password.rule.musthave.enabled=true > security.policy.password.rule.numericalcount.enabled=true > security.policy.password.rule.numericalcount.minimum=1 > security.policy.password.rule.reuse.enabled=true > security.policy.password.rule.nowhitespace.enabled=true > > > Maybe that's not enough? In looking a the archiva-redback-core on GitHub, I > see *two additional settings* under Security Policies: > > # turn off the perclick enforcement of various security policies, slightly > # more heavyweight since it will ensure that the User object on each click > # is up to date > security.policy.strict.enforcement.enabled=true > security.policy.strict.force.password.change.enabled=true > > So, if I add these properties to my ~/.m2/security.properties file, set > both to false, kill Archiva and restart it, will this disable the password > reset requirement? If not, how can I do so? > That should work otherwise you are facing a bug :-( You can use a file located here as well ${appserver.home}/conf/security.properties > > -- > "Hell hath no limits, nor is circumscrib'd In one self-place; but where we > are is hell, And where hell is, there must we ever be" --Christopher > Marlowe, *Doctor Faustus* (v. 121-24) > -- Olivier Lamy http://twitter.com/olamy | http://linkedin.com/in/olamy