Return-Path: Delivered-To: apmail-directory-users-archive@www.apache.org Received: (qmail 4300 invoked from network); 2 May 2009 20:58:05 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 2 May 2009 20:58:05 -0000 Received: (qmail 92673 invoked by uid 500); 2 May 2009 20:58:05 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 92608 invoked by uid 500); 2 May 2009 20:58:05 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 92598 invoked by uid 99); 2 May 2009 20:58:05 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 02 May 2009 20:58:05 +0000 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [81.169.146.160] (HELO mo-p00-ob.rzone.de) (81.169.146.160) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 02 May 2009 20:57:55 +0000 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; t=1241297854; l=971; s=domk; d=labeo.de; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:References: Subject:To:MIME-Version:From:Date:X-RZG-CLASS-ID:X-RZG-AUTH; bh=lDu5NcTbdedHaPmOgQjh7PgF3jY=; b=plRL8x3zO5d1b9AW0IeOHLXYwCkr2ePrQsatuB/Da3VnSZVblmO5P+BCaXljq6p4+8+ LBxzIedltZY9N+DXWDJOQA+tzBFs04++ywlM2E6lGmCKG0JrF0/s027ygT8fSxDUcbTXt tKuZk3idaVddqsFKPuQqPd088frGxU8rdis= X-RZG-AUTH: :P3gBc0GmW/MphhhpU4BSj2bmx/Zwgz97J2mNwJqPPEL+UNL0pmwy3PObHdE= X-RZG-CLASS-ID: mo00 Received: from [127.0.0.1] (p5DD52C8E.dip.t-dialin.net [93.213.44.142]) by post.strato.de (mrclete mo26) (RZmta 18.31) with ESMTP id t06910l42InD5a for ; Sat, 2 May 2009 22:57:34 +0200 (MEST) Message-ID: <49FCB3C3.3060807@labeo.de> Date: Sat, 02 May 2009 22:57:39 +0200 From: Stefan Zoerner User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: users@directory.apache.org Subject: Re: Force Change Password References: <37cc2c090905020944k3150e9caibec8178543bc06bf@mail.gmail.com> In-Reply-To: <37cc2c090905020944k3150e9caibec8178543bc06bf@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Hi Carlo, Carlo Camerino wrote: > I just want to know if Apache Directory server can do the following. > > 1.) Can it force the users to change password? (Expire password after a > specific time period) > 2.) Can I make a list of commonly used passwords that users shouldn't use? The functionality w.r.t. password polices is not that impressive yet. There is a Password Policy Interceptor, which has to be enabled. It deals with minimal password complexity etc. defaults (if enabled) to this: * The password is at least six characters long. * The password contains a mix of characters. * The password does not contain three letter (or more) tokens from the user's account name. It would be quite easy to extend it to forbid certain password values. But you have to extend the corresponding class and modify the configuration in server.xml to accomplish that. This helps at least for question 2 (hopefully). Greetings from Hamburg, Stefan