This wiki does not contain official documentation and is currently deprecated and read only. Please try reading the documentation on the Liferay Developer Network, the new site dedicated to Liferay documentation. DISCOVER Build your web site, collaborate with your colleagues, manage your content, and more. DEVELOP Build applications that run inside Liferay, extend the features provided out of the box with Liferay's APIs. DISTRIBUTE Let the world know about your app by publishing it in Liferay's marketplace. PARTICIPATE Become a part of Liferay's community, meet other Liferay users, and get involved in the open source project.

Wiki

« 返回到 Using Liferay

Password Policy and Account Lockout

详细信息 打印
标签: using liferay

Table of Contents [-]

  1. Password Policy Settings
    1. Changeable Settings
      1. Syntax Checking
        1. Password History
          1. Password Expiration
            1. User Account Lockout
            2. Screenshots
              1. Password Policy (Default)
                1. Password Policy (Using all policies)

                Liferay now implements enterprise password policies and user account lockout. Password policies can either be managed internally (from the Enterprise Admin Portlet), or it can be delegated to LDAP (from Enterprise Admin Portlet -> Authentication -> LDAP -> User LDAP Password Policy).

                Password Policy Settings #

                Changeable Settings #

                • Changeable: Allow user to change his own password
                • Change Required: Require the user to change his password (?)
                • Minimum Age: This determines how long a user must wait before changing their password again

                Syntax Checking #

                • Syntax Checking Enabled: Enable portal to check for certain words and length requirements
                • Allow Dictionary Words: Allow a dictionary word to be used as the password
                • Minimum Length: The minimum length of a password

                Password History #

                • History Enabled: Enable tracking of password history, to prevent reuse of old passwords
                • History Count: The number of passwords to keep in the history

                Password Expiration #

                • Expiration Enabled: Enable passwords to expire after a specified time
                • Maximum Age: The maximum time that a password is valid, before it needs to be changed again
                • Warning Time: The time before a password expires, in which to warn the user of the upcoming password expiration
                • Grace Limit: The number of logins allowed after the password has already expired

                User Account Lockout #

                • Lockout Enabled: Enable user accounts to get locked out after a specified number of failed logins
                • Maximum Failure: The maximum number of failed login attempts before the account is locked out
                • Reset Failure Count: The time before the "failed login count" is reset
                • Lockout Duration: The time that a user is locked out, preventing them from logging in

                Screenshots #

                Password Policy (Default) #

                Password Policy (Using all policies) #

                0 附件
                73981 查看
                平均 (0 票)
                满分为 5,平均得分为 0.0。
                评论
                讨论主题回复 作者 日期
                can we set the password maximum age for example... delang j 2009年3月10日 下午11:51
                Hello Sir, I am facing one issue after applied... javaamtho g g 2009年3月19日 上午7:54
                Actually I am using my own password policy for... javaamtho g g 2009年3月19日 上午7:55
                Exactly how do you implement a custom password... Edgar Vonk 2009年10月7日 上午5:11
                I tried to set "Change Required" to be true,... Farrel Chen 2011年6月1日 下午3:27
                bug:... Farrel Chen 2011年6月2日 上午10:42
                hi... how can i force users to use at least 1... Ricardo Vela 2012年4月25日 下午1:34
                Here is an example of our policy settings in... Eugene Massier 2012年7月23日 上午11:01
                Can you please tell me how can I uncheck the... Soumya Mukhopadhyay 2014年6月16日 上午2:09

                delang j
                can we set the password maximum age for example 1 week or less?
                在 09-3-10 下午11:51 发帖。
                javaamtho g
                Hello Sir,

                I am facing one issue after applied my password policy to my user as below.
                In Password Expiration
                I have setted max age 2 Weeks and Warning time 2 weeks but during warning time, if i am going to login with my regular user/pwd then its redirec to change password page where its forcefully asking to change my current pasword ..

                Please some body let me know is this bug of liferay or i not made proper configuration for change password.

                Waiting for your reply with proper answer.

                Thanks
                JavaAmtho.
                在 09-3-19 上午7:54 发帖。
                javaamtho g
                Actually I am using my own password policy for users.

                Thanks
                JavaAmtho
                在 09-3-19 上午7:55 发帖以回复 javaamtho g g
                Edgar Vonk
                Exactly how do you implement a custom password policy? I cannot find any documentation on this.
                在 09-10-7 上午5:11 发帖以回复 javaamtho g g
                Farrel Chen
                I tried to set "Change Required" to be true, and in the database it shows that the value was successfully set; however new users are not required to reset password at first sign in, unless I check the "reset required" check box at the user password page. So it seems to me the BeanParmUtil.getBoolean function doesn't work.
                在 11-6-1 下午3:27 发帖。
                Farrel Chen
                bug:
                http://www.liferay.com/community/forums/-/message_boards/message/9088810
                在 11-6-2 上午10:42 发帖以回复 Farrel Chen
                Ricardo Vela
                hi... how can i force users to use at least 1 uppercase ,1 lowercase and 1 digit... is there any way to do that or where can i set that from source code?
                在 12-4-25 下午1:34 发帖以回复 Farrel Chen
                Eugene Massier
                Here is an example of our policy settings in our porta-ext.properties

                ############################################################­########
                # PASSWORD POLICY SETTINGS
                ####################################################################
                pass­words.toolkit=com.liferay.portal.security.pwd.RegExpToolkit
                passwords.regexptoolk­it.pattern=(?=^.{12,24}$)((?=.*\\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\\d)(?=.*[^A-Za­-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\\d)(?=.*[A-Z]­)(?=.*[^A-Za-z0-9]))^.*
                #Description
                #Password Filter Matching 3 of 4 Character categories: 1.) at least 1 upper case character 2.) at least 1 lower case character 3.) at least 1 numerical character 4.) at least 1 special character It also enforces a min and max length.
                #Matches
                #Passw0rd | assW@rd | 1B2a345@#$%
                #Non-Matches
                #123123123 | Password | asdf&
                在 12-7-23 上午11:01 发帖以回复 Ricardo Vela
                Soumya Mukhopadhyay
                Can you please tell me how can I uncheck the "Changeable" option in the dashboard default password policy ? By default its showing checked in the dashboard default password policy and its not allowing me to uncheck it .

                Can you tell me the portal.ext.properties setting corresponding to this setting ?
                在 14-6-16 上午2:09 发帖。