i have done the changes th regarding point 1(replacing the default regex with my regex) but regarding other points like 2 and 3, i think changes may be required in data store too like column for
1) which date ,the last password got changed 2)column having history of last 15 pwd 3)column indiacting the count how many time wrong pwd is entered This is how it is done in typical web application.But for now i dont want to introduce any data store changes. One reason is we have to upgrade to latest wiki version with new release. On Wed, Feb 15, 2012 at 4:48 PM, Edo Beutler <ebeut...@synventis.com> wrote: > Hi Mohit > > Whilst, AFAIK, not possible by default it should not be to hard to > write your own password change script or (better since testable) Java > component. > 1) Submit your password change form to your page where you can check > all your specifications. > Counting the failed logins is probably something you should do in your > authentication method. > 2) Belongs also to the authentication: if last change >30 days show > your password change form > 3) Create a class with a password(! - of course not plain text) field > and on each password change you add also an object of this class to > the user page. Then when changing a new password just check if there > is an object with a password matching the new one. > 4) maybe add a field 'locked' to the user class ... or just use the > field 'active' and set locked users to inactive > > At least that's how I would approach it > Edo > > > On Wed, Feb 15, 2012 at 11:43 AM, mohit gupta <motgu...@gmail.com> wrote: > > Hi, > > > > I want to apply a specicific set of rules to password policy in xwiki so > > that that if any new user/existing user(in case he want to change the > > existing password) > > adhere to this policy. Some of the rules are like :- > > > > 1)Password should have following charectics > > A minimum password length of fourteen (12) characters > > Contain at least one alpha characters (a-z, A-Z). > > Contain at least one Upper Case Alpha character (A-Z). > > Contain at least one numeric character (0-9). > > Contain at least one “special” character, such as the following:~ ` ! > @ # > > $ % ’ > > The maximum number of failed login attempts shall be set to 3. > > 2)Passwords are required to be changed every 30 days > > 3)A password history of last 13 passwords must be maintained so that new > > password is not among last 13 passwords > > 4)Where any user account has been locked out, admin should be subject to > > reset the password > > > > My first question is about point 1 . I can see one way to modify > > registration password matching regex at > > http://wikiURL/myWiki/bin/edit/XWiki/Registration?editor=wiki > > so that i can change default policy from 6 character to customized policy > > as per point 1. Is there any other way to from user interface ? > > > > Second point is i don't see any configuration setting to fulfil the > > requirements 2,3 and 4. Does xwiki support this kind of configuration > too? > > _______________________________________________ > > users mailing list > > users@xwiki.org > > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
