You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2013/04/13 08:56:42 UTC
svn commit: r858306 - in /websites/staging/directory/trunk/content: ./
apacheds/advanced-ug/4.3-password-policy.html
Author: buildbot
Date: Sat Apr 13 06:56:42 2013
New Revision: 858306
Log:
Staging update by buildbot for directory
Modified:
websites/staging/directory/trunk/content/ (props changed)
websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html
Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sat Apr 13 06:56:42 2013
@@ -1 +1 @@
-1467563
+1467564
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html Sat Apr 13 06:56:42 2013
@@ -140,7 +140,7 @@
<h1 id="43-password-policy">4.3. Password Policy</h1>
<p>The <strong>Password Policy</strong> is a <strong><a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">RFC</a></strong> draft that has been designed for the very first version in 1999, and the latest version is from 2009. Although it's still a draft, and it's currently noted as inactive, it has been implemented by many existing <strong>LDAP</strong> servers.</p>
<p><strong>ApacheDS</strong> implements the draft.</p>
-<p><DIV class="warn" markdown="1">
+<p><DIV class="warning" markdown="1">
Enforcing a strict passowrd policy is extremely punitive to users. It may leads users to workaround the policy by storing their password in a postit, an workaround that will defeat any password policy...</p>
<p>Always try to think about better alternatives than force users to always define password with 10 or more characters, including numbers, upper and lower case, special chars, and to change it every month...</p>
<p>A long sentence (4 or 5 words), like "The horse has won the race three time" is most certainly a better passowrd than any other combinaison, and is easy to remember...