[
https://issues.apache.org/jira/browse/QPID-8269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy resolved QPID-8269.
------------------------------
Resolution: Won't Fix
The authentication using LDAP, Kerberos, OAUTH2 should be used in
production.Managing credentials on broker side should be avoided
> [Broker-J] Enforce password complexity in authentication providers managing
> credentials
> ---------------------------------------------------------------------------------------
>
> Key: QPID-8269
> URL: https://issues.apache.org/jira/browse/QPID-8269
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Reporter: Alex Rudyy
> Priority: Major
>
> Validate the password credentials in Qpid authentication providers managing
> credentials to meet the following requirements:
> * Password length must be greater than predefined minimum password length
> limit (8 or 16 characters, by default)
> * Passwords included in the predefined blacklist must not be allowed
> * Passwords must not include repetitive or sequential patterns of more than 3
> characters
> * Passwords must not include the account username
> * Password must be comprised of 3 out of the following 4 elements:
> ** Lowercase characters (a through z)
> ** Uppercase characters (A through Z)
> ** Base 10 digits (0 through 9)
> ** Special or non-alphanumeric characters (@,#,+,etc)
> * Passwords must not be reused the last 12 times
> The different password complexity policies can be applied for interactive and
> non interactive accounts.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
