LDAP Tool Box project: even LDAP administrators need help
Password policy
self-service-password/config.inc.php
Hashing
You can use one of these schemes to hash the password before sending it to the LDAP directory:
- SHA
- SSHA
- MD5
- SMD5
- CRYPT
- clear
Set one of them in $hash:
$hash = "clear";
Size
Set minimal and maximal length in $pwd_min_length and $pwd_max_length:
$pwd_min_length = 4;
$pwd_max_length = 8;
Set $pwd_max_length to 0 to disable maximal length checking.
Characters
You can set the minimal number of lower, upper, digit and special characters:
$pwd_min_lower = 3;
$pwd_min_upper = 1;
$pwd_min_digit = 1;
$pwd_min_special = 1;
Special characters are defined with a regular expression, by default:
$pwd_special_chars = "^a-zA-Z0-9";
This means special characters are all characters except alphabetical letters and digits.
You can also forbid specific characters in a password with $pwd_forbidden_chars:
$pwd_forbidden_chars = "@%";
This means that @ and % cannot be present in a password.
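How the size and character settings above combine when a candidate password is checked, as an added example (not Self Service Password's own code). The function name check_password_policy, the array layout and the violation labels are hypothetical; the sample passwords are constructed.

```php
<?php
// Added example: hypothetical checker, not the project's implementation.
// Keys mirror the configuration variables described on this page.
$policy = [
    'pwd_min_length'      => 4,
    'pwd_max_length'      => 8,            // 0 disables the maximal length check
    'pwd_min_lower'       => 3,
    'pwd_min_upper'       => 1,
    'pwd_min_digit'       => 1,
    'pwd_min_special'     => 1,
    'pwd_special_chars'   => '^a-zA-Z0-9',
    'pwd_forbidden_chars' => '@%',
];

function check_password_policy(string $password, array $p): array
{
    $errors = [];
    $length = strlen($password); // byte length; assumes single-byte characters
    if ($length < $p['pwd_min_length']) {
        $errors[] = 'too_short';
    }
    if ($p['pwd_max_length'] > 0 && $length > $p['pwd_max_length']) {
        $errors[] = 'too_long';
    }
    // The special-character setting is used as the body of a character class,
    // so "^a-zA-Z0-9" becomes [^a-zA-Z0-9]: anything except letters and digits.
    $classes = [
        'lower'   => '/[a-z]/',
        'upper'   => '/[A-Z]/',
        'digit'   => '/[0-9]/',
        'special' => '/[' . $p['pwd_special_chars'] . ']/',
    ];
    foreach ($classes as $name => $regex) {
        // preg_match_all returns the number of matching characters
        if (preg_match_all($regex, $password) < $p["pwd_min_$name"]) {
            $errors[] = "min_$name";
        }
    }
    // Forbidden characters are literals, so quote them before building the class.
    $forbidden = '/[' . preg_quote($p['pwd_forbidden_chars'], '/') . ']/';
    if ($p['pwd_forbidden_chars'] !== '' && preg_match($forbidden, $password)) {
        $errors[] = 'forbidden_chars';
    }
    return $errors;
}

foreach (['abcD1!', 'abcD1@', 'abcdefgH1!x'] as $candidate) { // constructed samples
    echo $candidate, ' => ', implode(',', check_password_policy($candidate, $policy)) ?: 'ok', "\n";
}
```

The second sample shows that a character can satisfy $pwd_min_special and still be rejected by $pwd_forbidden_chars, so the two settings should be chosen together.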
Reuse
You can prevent a user from using his old password as a new password if this check is not done by the directory:
$pwd_no_reuse = true;
Show policy
The password policy can be displayed to the user by configuring $pwd_show_policy. Three values are accepted:
- always: policy is always displayed
- never: policy is never displayed
- onerror: policy is only displayed if the password is rejected because of it, and the user provided his old password correctly.
$pwd_show_policy = "never";



