You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@directory.apache.org by Yevgen Ovchynnikov <Ye...@epam.com> on 2012/11/28 14:05:45 UTC

ApacheDS and password policy

Hello,

As I can see from your page http://directory.apache.org/apacheds/1.5/account-and-password-policy-management.html , password policy and password strength are in future development, am I correct?
If yes, could you please provide any tools or recommends how to implement password strength with ApacheDS? It will be great to your community.
For example:

-          Include at least one character from at least three of the following classes: lowercase letters, uppercase letters, numerals, punctuation (for example, #, |, $, %    and spaces)

-          Are not found in common dictionaries, and are not well-known or predictable phrases

-          Do not resemble the name of the account holder

Thank you!

Best Regards,
Yevgen Ovchynnikov
Software Support Engineer

EPAM Systems
Kyiv office, Ukraine
GMT+2 (Standard) / GMT+3 (Daylight)

EPAM Internal ext.:        40763
Office phone:                 +380 (44) 390 5457
Office fax:                     +380 (44) 390 5458
Mobile phone:                +380 (093) 679 88 62
E-mail:                          Yevgen_Ovchynnikov@epam.com<ma...@epam.com>
Skype:                          theslame
<http://www.epam.com/>

CONFIDENTIALITY CAUTION AND DISCLAIMER
This message is intended only for the use of the individual(s) or entity(ies) to which it is addressed and contains information that is legally privileged and confidential. If you are not the intended recipient, or the person responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. All unintended recipients are obliged to delete this message and destroy any printed copies.

Re: ApacheDS and password policy

Posted by Emmanuel Lécharny <el...@gmail.com>.

Le 11/28/12 2:05 PM, Yevgen Ovchynnikov a écrit :
> Hello,
>
> As I can see from your page http://directory.apache.org/apacheds/1.5/account-and-password-policy-management.html , password policy and password strength are in future development, am I correct?

They are already available in 2.0.0-M8.

> If yes, could you please provide any tools or recommends how to implement password strength with ApacheDS? It will be great to your community.

The documentation is not yet ready, but for 2.0.0-M8, you have many
parameters you can set to manage the passwordPolicy in the
PasswordPolicies entry :
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config

You have many possible parameters you can set.
> For example:
>
> -          Include at least one character from at least three of the following classes: lowercase letters, uppercase letters, numerals, punctuation (for example, #, |, $, %    and spaces)
>
> -          Are not found in common dictionaries, and are not well-known or predictable phrases
>
> -          Do not resemble the name of the account holder

Some of those checks are done through the DefaultPasswordValidator, but
not all of them. We need to add some more validators.
Hope it helps...

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com