Return-Path: X-Original-To: apmail-cloudstack-dev-archive@www.apache.org Delivered-To: apmail-cloudstack-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7CF55116BC for ; Fri, 18 Jul 2014 16:59:18 +0000 (UTC) Received: (qmail 12807 invoked by uid 500); 18 Jul 2014 16:59:17 -0000 Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org Received: (qmail 12771 invoked by uid 500); 18 Jul 2014 16:59:17 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 12751 invoked by uid 99); 18 Jul 2014 16:59:17 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Jul 2014 16:59:17 +0000 X-ASF-Spam-Status: No, hits=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of Demetrius.Tsitrelis@citrix.com designates 66.165.176.89 as permitted sender) Received: from [66.165.176.89] (HELO SMTP.CITRIX.COM) (66.165.176.89) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Jul 2014 16:59:12 +0000 X-IronPort-AV: E=Sophos;i="5.01,686,1400025600"; d="scan'208";a="153743288" Received: from sjcpex01cl03.citrite.net ([10.216.14.145]) by FTLPIPO01.CITRIX.COM with ESMTP/TLS/AES128-SHA; 18 Jul 2014 16:58:43 +0000 Received: from SJCPEX01CL01.citrite.net ([169.254.1.197]) by SJCPEX01CL03.citrite.net ([10.216.14.145]) with mapi id 14.03.0181.006; Fri, 18 Jul 2014 09:58:42 -0700 From: Demetrius Tsitrelis To: "dev@cloudstack.apache.org" Subject: RE: [PROPOSAL] Adding a plugin to check the password strength of all users Thread-Topic: [PROPOSAL] Adding a plugin to check the password strength of all users Thread-Index: AQHPok3i/6bYHzKtmk+yUhHy693rJZul0fDK//+ptwCAAJFREA== Date: Fri, 18 Jul 2014 16:58:40 +0000 Message-ID: <43A11A1933FEF445A080F7D88687264616382AC3@SJCPEX01CL01.citrite.net> References: <1FCB29E4-339A-4B9B-9039-19872C75BEB7@citrix.com> <43A11A1933FEF445A080F7D886872646163827E7@SJCPEX01CL01.citrite.net> <95F76D2C-1372-48DB-B352-7B8A321CF74D@citrix.com> In-Reply-To: <95F76D2C-1372-48DB-B352-7B8A321CF74D@citrix.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.210.228.78] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org So the plugin will show the strength AND it will enforce the strength when = a user is created or updates his password. Will it be possible for an admi= nistrator to disable either of these? For both of those capabilities is the plugin's behavior configurable for di= fferent authentication encoders? That is, could I have one set of rules fo= r the SHA256 authenticator and a different set of rules for the MD5 authent= icator? -----Original Message----- From: Damoder Reddy [mailto:Damoder.Reddy@citrix.com]=20 Sent: Friday, July 18, 2014 9:13 AM To: dev@cloudstack.apache.org Subject: Re: [PROPOSAL] Adding a plugin to check the password strength of a= ll users Will show the strength of the password as well. On 18-Jul-2014, at 6:53 pm, Demetrius Tsitrelis wrote: > Will the plugin merely show the strength of the password or will the plug= in prevent the use of weak passwords? >=20 > ________________________________________ > From: Damoder Reddy [Damoder.Reddy@citrix.com] > Sent: Thursday, July 17, 2014 11:02 PM > To: dev@cloudstack.apache.org > Subject: [PROPOSAL] Adding a plugin to check the password strength of=20 > all users >=20 > Hi all, >=20 > I am thinking to add a plugin which enables to check the password strengt= h of a user while setting/resetting the password for that user. > why as a plugin because different companies may have a different rule set= s to check the password strength. >=20 > The default implementation will have the password strength calculation=20 > based on the following parameters 1. Length of the password 2. Number=20 > of Character Sets involved in the password defined. For ex, Upper Case Le= tter, Lower Case letter, Digits and special character set. >=20 > Ay suggestions/Comments? >=20 > Thanks > Damoder