You could try to use the Redback Runtime Configuration [1]. With Archiva 2.2.0 this works for me. At least the number of reusing your previous passwords (security.policy.password.previous.count).
[1] http://archiva.apache.org/docs/2.2.0/adminguide/redback-runtime-configuration.html#Runtime_properties -- Oliver Erhart Thad Humphries <thad.humphr...@gmail.com> schrieb am Do., 7. Jan. 2016 um 15:27 Uhr: > On Thu, Oct 1, 2015 at 7:47 AM, Olivier Lamy <ol...@apache.org> wrote: > > > Hi, > > > > On 1 October 2015 at 02:11, Thad Humphries <thad.humphr...@gmail.com> > > wrote: > > > > > I set up an Archiva 2.2 server a while back, and thought I'd succeeded > in > > > disabling the requirement to renew the password after so many days, not > > > allow reuse of the last X number of passwords, etc. Earlier this week I > > was > > > rudely surprised to find that I had to reset my password. How can I > stop > > > this? > > > > > > I am running Archiva on port 8080, starting it with > > > > > > $ cd /opt/apache-archiva-2.2.0 > > > $ nohup bin/archiva console start & > > > > > > I created a ~/.m2/security.properties file based on the one at > > > > > > http://archiva.apache.org/docs/2.2.0/adminguide/customising-security.html. > > > Mine is shown below. The two properties in bold I thought would disable > > > password expiration. > > > > > > # > > > > > > http://archiva.apache.org/docs/2.2.0/adminguide/customising-security.html > > > # > > > > > > > > > https://github.com/apache/archiva-redback-core/blob/master/redback-configuration/src/main/resources/org/apache/archiva/redback/config-defaults.properties > > > > > > # Security Policies > > > #security.policy.password.encoder= > > > > > > > > > > > > *security.policy.password.previous.count=-1security.policy.password.expiration.enabled=false* > > > security.policy.password.expiration.days=180 > > > security.policy.password.expiration.notify.days=10 > > > security.policy.allowed.login.attempt=10 > > > > > > # Password Rules > > > security.policy.password.rule.alphanumeric.enabled=false > > > security.policy.password.rule.alphacount.enabled=true > > > security.policy.password.rule.alphacount.minimum=1 > > > security.policy.password.rule.characterlength.enabled=true > > > security.policy.password.rule.characterlength.minimum=1 > > > security.policy.password.rule.characterlength.maximum=8 > > > security.policy.password.rule.musthave.enabled=true > > > security.policy.password.rule.numericalcount.enabled=true > > > security.policy.password.rule.numericalcount.minimum=1 > > > security.policy.password.rule.reuse.enabled=true > > > security.policy.password.rule.nowhitespace.enabled=true > > > > > > > > > Maybe that's not enough? In looking a the archiva-redback-core on > > GitHub, I > > > see *two additional settings* under Security Policies: > > > > > > # turn off the perclick enforcement of various security policies, > > slightly > > > # more heavyweight since it will ensure that the User object on each > > click > > > # is up to date > > > security.policy.strict.enforcement.enabled=true > > > security.policy.strict.force.password.change.enabled=true > > > > > > So, if I add these properties to my ~/.m2/security.properties file, set > > > both to false, kill Archiva and restart it, will this disable the > > password > > > reset requirement? If not, how can I do so? > > > > > > > That should work otherwise you are facing a bug :-( > > You can use a file located here as well > > ${appserver.home}/conf/security.properties > > > > There seems to be a bug. I set security.policy.strict.enforcement.enabled > and security.policy.strict.force.password.change.enabled to false in > *both* locations--~/.m2/security.properties > and ${appserver.home}/conf/security.properties--but have once again been > told that admin's password has expired. > > It's also annoying that I can't reuse one of the last 6 passwords (this is, > essentially, a private server inside a firewall). I thought > "security.policy.password.rule.reuse.enabled=true" would allow reuse, but > it didn't. > > Time to change the sticky note... > > > > -- > > Olivier Lamy > > http://twitter.com/olamy | http://linkedin.com/in/olamy > > >
