Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:self-service-password:0.8:config_ppolicy [2017/01/25 12:09] (current)
Line 1: Line 1:
 +====== Password policy ======
 +
 +<​note>​Configuration file: ''​self-service-password/​conf/​config.inc.php''</​note>​
 +
 +===== Hashing =====
 +
 +You can use these schemes to hash the password before sending it to LDAP directory:
 +  * SHA
 +  * SSHA
 +  * MD5
 +  * SMD5
 +  * CRYPT
 +  * clear
 +
 +Set one of them in ''​$hash'':​
 +<file php>
 +$hash = "​clear";​
 +</​file>​
 +
 +<note important>​This option is ignored with Active Directory mode.</​note>​
 +
 +===== Size =====
 +
 +Set minimal and maximal length in ''​$pwd_min_length''​ and ''​$pwd_max_length'':​
 +<file php>
 +$pwd_min_length = 4;
 +$pwd_max_length = 8;
 +</​file>​
 +
 +<note tip>Set ''​0''​ in ''​$pwd_max_length''​ to disable maximal length checking.</​note>​
 +
 +===== Characters =====
 +
 +You can set the minimal number of lower, upper, digit and special characters:
 +<file php>
 +$pwd_min_lower = 3;
 +$pwd_min_upper = 1;
 +$pwd_min_digit = 1;
 +$pwd_min_special = 1;
 +</​file>​
 +
 +Special characters are defined with a regular expression, by default:
 +<file php>
 +$pwd_special_chars = "​^a-zA-Z0-9";​
 +</​file>​
 +
 +This means special characters are all characters except alphabetical letters and digits.
 +
 +You can also disallow characters from being in password, with ''​$pwd_forbidden_chars'':​
 +<file php>
 +$pwd_forbidden_chars = "​@%";​
 +</​file>​
 +
 +This means that ''​@''​ and ''​%''​ could not be present in a password.
 +
 +You can define how many different class of characters (lower, upper, digit, special) are needed in the password:
 +
 +<file php>
 +$pwd_complexity = 2;
 +</​file>​
 +
 +===== Reuse =====
 +
 +You can prevent a user from using his old password as a new password if this check is not done by the directory:
 +<file php>
 +$pwd_no_reuse = true;
 +</​file>​
 +
 +===== Show policy =====
 +
 +Password policy can be displayed to user by configuring ''​$pwd_show_policy''​. Three values are accepted:
 +  * ''​always'':​ policy is always displayed
 +  * ''​never'':​ policy is never displayed
 +  * ''​onerror'':​ policy is only displayed if password is rejected because of it, and the user provided his old password correctly.
 +
 +<file php>
 +$pwd_show_policy = "​never";​
 +</​file>​