[
https://issues.jboss.org/browse/AS7-2756?page=com.atlassian.jira.plugin.s...
]
Darran Lofthouse updated AS7-2756:
----------------------------------
Assignee: (was: Brian Stansberry)
Implement username / password strength checks
---------------------------------------------
Key: AS7-2756
URL:
https://issues.jboss.org/browse/AS7-2756
Project: Application Server 7
Issue Type: Feature Request
Components: Domain Management
Reporter: Darran Lofthouse
Fix For: Open To Community
The AS 7.1 distribution now contains a utility for adding new users to the property
files, this utility contains some very basic checks of the username and password e.g. bad
choices of username and disallowing passwords which match the username.
This Jira is to implement a more advanced check to enforce complexity.
I believe we should have something along the lines of a util that will take a username
and password and will respond ACCEPT, REJECT, or WARN where WARN has a message to display
to the user and the user an opportunity to ignore the warning or return to re-entry of the
details.
At some point in the future this could become a management operations so the
implementation shouldn't be too constrained to the current command line tool.
As a management op we may also want to take into account the user making the request,
i.e. a user changing their own password has tighter restrictions than the overall
administrator.
As the add user script is currently stand alone this may be a nice task for someone to
undertake who would like to get more familiar with submitting an AS change without needing
to get too involved with the internals of the application server at this stage.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira