Return-Path: 
 <users-return-143877-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: (qmail 38783 invoked from network); 8 Apr 2006 02:48:57 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 8 Apr 2006 02:48:57 -0000
Received: (qmail 45061 invoked by uid 500); 8 Apr 2006 02:48:46 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 45046 invoked by uid 500); 8 Apr 2006 02:48:46 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 45033 invoked by uid 99); 8 Apr 2006 02:48:46 -0000
Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 Apr 2006 19:48:46 -0700
X-ASF-Spam-Status: No, hits=2.5 required=10.0
	tests=DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,NO_REAL_NAME,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (asf.osuosl.org: domain of fmiddleton@verizon.net
 designates 206.46.252.46 as permitted sender)
Received: from [206.46.252.46] (HELO vms046pub.verizon.net) (206.46.252.46)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 Apr 2006 19:48:45 -0700
Received: from vms070.mailsrvcs.net ([192.168.1.3])
 by vms046.mailsrvcs.net (Sun Java System Messaging Server 6.2-4.02 (built Sep
 9 2005)) with ESMTPA id <0IXD00AG2UGPY6T2@vms046.mailsrvcs.net> for
 users@tomcat.apache.org; Fri, 07 Apr 2006 21:48:25 -0500 (CDT)
Date: Fri, 07 Apr 2006 21:48:25 -0500 (CDT)
From: <fmiddleton@verizon.net>
Subject: Container-Managed Password Expiration/Strength enforcing?
To: users@tomcat.apache.org
Message-id: <1049022.1289451144464505102.JavaMail.root@vms070.mailsrvcs.net>
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

I am running Tomcat 5.5.12. I already use the sever's container-managed authentication mechanisms to require authentication for my web application users' credentials via forms. The users' ids and passwords are stored on an MySQL database.

My question is, is there a way of configuring the server to require users to change their passwords every now and then enforce rules to require users to make their passwords strong? This doesn't seem to be documented in anywhere. I know that the source code is available but I don't know anything about the inside of Tomcat and wouldn't know where to begin for coding this myself.

Renny

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org