directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carlo Camerino <cmcamer...@gmail.com>
Subject Re: Force Change Password
Date Sat, 02 May 2009 23:17:19 GMT
Hi,

Thank you for reply :)

I will continue with my evaluation.

Thanks
Carlo

On Sun, May 3, 2009 at 4:57 AM, Stefan Zoerner <stefan@labeo.de> wrote:

> Hi Carlo,
>
> Carlo Camerino wrote:
>
>> I just want to know if Apache Directory server can do the following.
>>
>> 1.) Can it force the users to change password? (Expire password after a
>> specific time period)
>> 2.) Can I make a list of commonly used passwords that users shouldn't use?
>>
>
> The functionality w.r.t. password polices is not that impressive yet. There
> is a Password Policy Interceptor, which has to be enabled. It deals with
> minimal password complexity etc. defaults (if enabled) to this:
>
> * The password is at least six characters long.
> * The password contains a mix of characters.
> * The password does not contain three letter (or more) tokens from the
> user's account name.
>
> It would be quite easy to extend it to forbid certain password values. But
> you have to extend the corresponding class and modify the configuration in
> server.xml to accomplish that.
>
> This helps at least for question 2 (hopefully).
>
> Greetings from Hamburg,
>    Stefan
>
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message