Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-6980

Security Password Policies: Standard "Password Policies" needed in Magnolia (password expiration etc.)

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Unresolved
    • Major
    • None
    • 5.5.2
    • security
    • None

    Description

      Magnolia provides only one single "Password Policy":

      • Max number of failed attempts.

      The possible "Password Policies" should be extended to default possibilities/functionality almost every System offers (even not Enterprise):

      • Force change password on first login
      • Force change of password for a specific user
      • Force password strength and mandatory character usages
      • Force expiration time of all passwords
      • Force expiration time of a specific user
      • Force expiring all passwords now (everybody has to reset it now/next login)

      Maybe also:

      • A central place to define password strengths, best per user realm (so different for public users).
        A PUR based login form won't know about any regexp based validator on the password form field.

      Especially in combination with the PUR module and different types of users (Public Users) such functionality is very important. Public users are in most cases not managed over AD, where some of this behavior could be delegated to.

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                Unassigned Unassigned
                cringele Christian Ringele
                Joseph Kamwena
                AdminX
                Votes:
                5 Vote for this issue
                Watchers:
                22 Start watching this issue

                Dates

                  Created:
                  Updated:

                  Checklists

                    Task DoD