Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-8269

[Broker-J] Enforce password complexity in authentication providers managing credentials

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: qpid-java-broker-8.0.0
    • Component/s: Broker-J
    • Labels:
      None

      Description

      Validate the password credentials in Qpid authentication providers managing credentials to meet the following requirements:

      • Password length must be greater than predefined minimum password length limit (8 or 16 characters, by default)
      • Passwords included in the predefined blacklist must not be allowed
      • Passwords must not include repetitive or sequential patterns of more than 3 characters
      • Passwords must not include the account username
      • Password must be comprised of 3 out of the following 4 elements:
        • Lowercase characters (a through z)
        • Uppercase characters (A through Z)
        • Base 10 digits (0 through 9)
        • Special or non-alphanumeric characters (@,#,+,etc)
      • Passwords must not be reused the last 12 times

      The different password complexity policies can be applied for interactive and non interactive accounts.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              orudyy Alex Rudyy
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: