Return-Path: Delivered-To: apmail-directory-users-archive@www.apache.org Received: (qmail 39918 invoked from network); 2 May 2009 23:17:49 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 2 May 2009 23:17:49 -0000 Received: (qmail 40514 invoked by uid 500); 2 May 2009 23:17:49 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 40434 invoked by uid 500); 2 May 2009 23:17:49 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 40424 invoked by uid 99); 2 May 2009 23:17:49 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 02 May 2009 23:17:49 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of cmcamerino@gmail.com designates 209.85.132.241 as permitted sender) Received: from [209.85.132.241] (HELO an-out-0708.google.com) (209.85.132.241) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 02 May 2009 23:17:41 +0000 Received: by an-out-0708.google.com with SMTP id c2so1825897anc.10 for ; Sat, 02 May 2009 16:17:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=7ilzM2EZKltJKeokE6CjawKhGe1DrkXjj/NKnWOcHCs=; b=jRGXJLTgTamLiK7TVTgT468FEjncrfJC/AF955qAya+czdJsKl7KjVyxvDZSaOxifG B1V4ctXsLAsfasxwG3j60evmNqCBYu6iemE+IIn0zdaYBXTA/P/YtchgNg8Jk04neOO1 iBrDwNqIJ/ovILdoXTacNy8Oe3cLXp0EVkdvg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=WkBuwyA3GrVkVvR4QycdY57zJAcVMkO3UmqfYD3lhyFjVL/SI44JnM9gbKqHcPJfU6 ni8DMKqJBLiuiIvR0HBJHIX81VXj00Bh43nWR5B9sPzcjYMUJoku3gU8rcE5QtbIqEvC h3idbzZyK1vpMhYhOISwZ3KDQ1TswVnVOYwmY= MIME-Version: 1.0 Received: by 10.100.3.13 with SMTP id 13mr9343489anc.75.1241306239961; Sat, 02 May 2009 16:17:19 -0700 (PDT) In-Reply-To: <49FCB3C3.3060807@labeo.de> References: <37cc2c090905020944k3150e9caibec8178543bc06bf@mail.gmail.com> <49FCB3C3.3060807@labeo.de> Date: Sun, 3 May 2009 07:17:19 +0800 Message-ID: <37cc2c090905021617g9df8334mc9debb0f7747e72a@mail.gmail.com> Subject: Re: Force Change Password From: Carlo Camerino To: users@directory.apache.org Content-Type: multipart/alternative; boundary=0016e64616e67d8b550468f6212b X-Virus-Checked: Checked by ClamAV on apache.org --0016e64616e67d8b550468f6212b Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hi, Thank you for reply :) I will continue with my evaluation. Thanks Carlo On Sun, May 3, 2009 at 4:57 AM, Stefan Zoerner wrote: > Hi Carlo, > > Carlo Camerino wrote: > >> I just want to know if Apache Directory server can do the following. >> >> 1.) Can it force the users to change password? (Expire password after a >> specific time period) >> 2.) Can I make a list of commonly used passwords that users shouldn't use? >> > > The functionality w.r.t. password polices is not that impressive yet. There > is a Password Policy Interceptor, which has to be enabled. It deals with > minimal password complexity etc. defaults (if enabled) to this: > > * The password is at least six characters long. > * The password contains a mix of characters. > * The password does not contain three letter (or more) tokens from the > user's account name. > > It would be quite easy to extend it to forbid certain password values. But > you have to extend the corresponding class and modify the configuration in > server.xml to accomplish that. > > This helps at least for question 2 (hopefully). > > Greetings from Hamburg, > Stefan > > > > --0016e64616e67d8b550468f6212b--