You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by fm...@verizon.net on 2006/04/08 04:43:46 UTC
Container-Managed Password Expiration/Strength enforcing?
I am running Tomcat 5.5.12. I Use the sever's container-managed authentication mechanisms to require authentication for my web application users' credentials via forms. The users' ids and passwords
are stored on an MySQL database.
My question is, is there a way of configuring the server to require users to change their passwords every now and then enforce rules to require users to make their passwords strong? This doesn't seem to be
documented in anywhere. I know that the source code is available but I don't know anything about the inside of Tomcat and wouldn't know where to begin for coding this myself.
Renny
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Container-Managed Password Expiration/Strength enforcing?
Posted by Mark Thomas <ma...@apache.org>.
Frank W. Zammetti wrote:
> Hi Renny,
>
> I'm relatively sure Tomcat does not offer anything like this. I know at
> work, we faced the same issues and developed a whole Security Framework
> to sit on top of J2EE security. We're actually a Websphere shop, but
> Websphere doesn't offer those capabilities either. That doesn't
> automatically mean Tomcat doesn't of course, but I'm fairly sure it
> doesn't.
It doesn't. Sorry.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Container-Managed Password Expiration/Strength enforcing?
Posted by "Frank W. Zammetti" <fz...@omnytex.com>.
Hi Renny,
I'm relatively sure Tomcat does not offer anything like this. I know at
work, we faced the same issues and developed a whole Security Framework
to sit on top of J2EE security. We're actually a Websphere shop, but
Websphere doesn't offer those capabilities either. That doesn't
automatically mean Tomcat doesn't of course, but I'm fairly sure it doesn't.
Frank
fmiddleton@verizon.net wrote:
> I am running Tomcat 5.5.12. I Use the sever's container-managed authentication mechanisms to require authentication for my web application users' credentials via forms. The users' ids and passwords
> are stored on an MySQL database.
>
> My question is, is there a way of configuring the server to require users to change their passwords every now and then enforce rules to require users to make their passwords strong? This doesn't seem to be
> documented in anywhere. I know that the source code is available but I don't know anything about the inside of Tomcat and wouldn't know where to begin for coding this myself.
>
> Renny
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
> .
>
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM: fzammetti
Yahoo: fzammetti
MSN: fzammetti@hotmail.com
Java Web Parts -
http://javawebparts.sourceforge.net
Supplying the wheel, so you don't have to reinvent it!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org