You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@guacamole.apache.org by vn...@apache.org on 2018/11/11 02:17:31 UTC
[4/6] guacamole-manual git commit: GUACAMOLE-220: Clarify password
aging behavior/configuration.
GUACAMOLE-220: Clarify password aging behavior/configuration.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-manual/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-manual/commit/7bb35ccc
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-manual/tree/7bb35ccc
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-manual/diff/7bb35ccc
Branch: refs/heads/master
Commit: 7bb35ccc3db53d659f6c0ac7261583887d8dc040
Parents: b0a1553
Author: Michael Jumper <mj...@apache.org>
Authored: Sat Nov 10 14:16:33 2018 -0800
Committer: Michael Jumper <mj...@apache.org>
Committed: Sat Nov 10 14:20:54 2018 -0800
----------------------------------------------------------------------
src/chapters/jdbc-auth.xml | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/guacamole-manual/blob/7bb35ccc/src/chapters/jdbc-auth.xml
----------------------------------------------------------------------
diff --git a/src/chapters/jdbc-auth.xml b/src/chapters/jdbc-auth.xml
index 3bc2e23..cb33b90 100644
--- a/src/chapters/jdbc-auth.xml
+++ b/src/chapters/jdbc-auth.xml
@@ -549,17 +549,17 @@ sqlserver-user-password-prohibit-username: true</programlisting>
(minimum password age).</para>
</listitem>
</orderedlist>
- <para>In both cases, these values are specified in units of days, and are both
- disabled by default.</para>
<para>While it may seem strange to prevent users from changing their password
too frequently, it does make sense if you are concerned that rapid password
changes may defeat password expiration (users could immediately change the
password back) or tracking of password history (users could cycle through
- passwords until the history is exhausted and their old password is
- back).</para>
- <para>So that administrators can always intervene in the case that a password
- needs to be reset despite restrictions, the minimum age restriction does not
- apply to any user with permission to administer the system.</para>
+ passwords until the history is exhausted and their old password is usable
+ again).</para>
+ <para>By default, the database authentication does not apply any limits to
+ password age, and users with permission to change their passwords may do so
+ as frequently or infrequently as they wish. Password age limits can be
+ enabled using a pair of properties, each accepting values given in units of
+ days:</para>
<informalexample>
<programlisting># MySQL
mysql-user-password-min-age: <replaceable>7</replaceable>
@@ -573,6 +573,12 @@ postgresql-user-password-max-age: <replaceable>90</replaceable>
sqlserver-user-password-min-age: <replaceable>7</replaceable>
sqlserver-user-password-max-age: <replaceable>90</replaceable></programlisting>
</informalexample>
+ <important>
+ <para>So that administrators can always intervene in the case that a
+ password needs to be reset despite restrictions, the minimum age
+ restriction does not apply to any user with permission to administer the
+ system.</para>
+ </important>
</section>
<section>
<title>Preventing password reuse</title>