You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by Carlo Camerino <cm...@gmail.com> on 2009/05/02 18:44:25 UTC
Force Change Password
Hi,
I'm relatively new to using Apache Directory Server.
Our company is going to implement LDAP as a security measure,
I just want to know if Apache Directory server can do the following.
1.) Can it force the users to change password? (Expire password after a
specific time period)
2.) Can I make a list of commonly used passwords that users shouldn't use?
Thanks A lot.
Carlo
Re: Force Change Password
Posted by Carlo Camerino <cm...@gmail.com>.
Hi,
Thank you for reply :)
I will continue with my evaluation.
Thanks
Carlo
On Sun, May 3, 2009 at 4:57 AM, Stefan Zoerner <st...@labeo.de> wrote:
> Hi Carlo,
>
> Carlo Camerino wrote:
>
>> I just want to know if Apache Directory server can do the following.
>>
>> 1.) Can it force the users to change password? (Expire password after a
>> specific time period)
>> 2.) Can I make a list of commonly used passwords that users shouldn't use?
>>
>
> The functionality w.r.t. password polices is not that impressive yet. There
> is a Password Policy Interceptor, which has to be enabled. It deals with
> minimal password complexity etc. defaults (if enabled) to this:
>
> * The password is at least six characters long.
> * The password contains a mix of characters.
> * The password does not contain three letter (or more) tokens from the
> user's account name.
>
> It would be quite easy to extend it to forbid certain password values. But
> you have to extend the corresponding class and modify the configuration in
> server.xml to accomplish that.
>
> This helps at least for question 2 (hopefully).
>
> Greetings from Hamburg,
> Stefan
>
>
>
>
Re: Force Change Password
Posted by Stefan Zoerner <st...@labeo.de>.
Hi Carlo,
Carlo Camerino wrote:
> I just want to know if Apache Directory server can do the following.
>
> 1.) Can it force the users to change password? (Expire password after a
> specific time period)
> 2.) Can I make a list of commonly used passwords that users shouldn't use?
The functionality w.r.t. password polices is not that impressive yet.
There is a Password Policy Interceptor, which has to be enabled. It
deals with minimal password complexity etc. defaults (if enabled) to this:
* The password is at least six characters long.
* The password contains a mix of characters.
* The password does not contain three letter (or more) tokens from the
user's account name.
It would be quite easy to extend it to forbid certain password values.
But you have to extend the corresponding class and modify the
configuration in server.xml to accomplish that.
This helps at least for question 2 (hopefully).
Greetings from Hamburg,
Stefan