I set up an Archiva 2.2 server a while back, and thought I'd succeeded in disabling the requirement to renew the password after so many days, not allow reuse of the last X number of passwords, etc. Earlier this week I was rudely surprised to find that I had to reset my password. How can I stop this?
I am running Archiva on port 8080, starting it with $ cd /opt/apache-archiva-2.2.0 $ nohup bin/archiva console start & I created a ~/.m2/security.properties file based on the one at http://archiva.apache.org/docs/2.2.0/adminguide/customising-security.html. Mine is shown below. The two properties in bold I thought would disable password expiration. # http://archiva.apache.org/docs/2.2.0/adminguide/customising-security.html # https://github.com/apache/archiva-redback-core/blob/master/redback-configuration/src/main/resources/org/apache/archiva/redback/config-defaults.properties # Security Policies #security.policy.password.encoder= *security.policy.password.previous.count=-1security.policy.password.expiration.enabled=false* security.policy.password.expiration.days=180 security.policy.password.expiration.notify.days=10 security.policy.allowed.login.attempt=10 # Password Rules security.policy.password.rule.alphanumeric.enabled=false security.policy.password.rule.alphacount.enabled=true security.policy.password.rule.alphacount.minimum=1 security.policy.password.rule.characterlength.enabled=true security.policy.password.rule.characterlength.minimum=1 security.policy.password.rule.characterlength.maximum=8 security.policy.password.rule.musthave.enabled=true security.policy.password.rule.numericalcount.enabled=true security.policy.password.rule.numericalcount.minimum=1 security.policy.password.rule.reuse.enabled=true security.policy.password.rule.nowhitespace.enabled=true Maybe that's not enough? In looking a the archiva-redback-core on GitHub, I see *two additional settings* under Security Policies: # turn off the perclick enforcement of various security policies, slightly # more heavyweight since it will ensure that the User object on each click # is up to date security.policy.strict.enforcement.enabled=true security.policy.strict.force.password.change.enabled=true So, if I add these properties to my ~/.m2/security.properties file, set both to false, kill Archiva and restart it, will this disable the password reset requirement? If not, how can I do so? -- "Hell hath no limits, nor is circumscrib'd In one self-place; but where we are is hell, And where hell is, there must we ever be" --Christopher Marlowe, *Doctor Faustus* (v. 121-24)
