2.27 password constraints enforced

Hi all,

I would like to clarify the following;

2.27 enforces the password requirement of at least 1 UPPERCASE, lowercase, numeric and non-alpha-numeric character and specified length for new users, password resets including password reset when password expiry is turned on. These enhancements are all good for us from an auditing perspective. It does not however enforce password reset on first login to a 2.27 instance when the password does not comply with the new requirements. We would need to give assurance that the new password requirement has been enforced by the system. I was looking at shortening the password expiry but the shortest option is 90 days.

Is this by design or a bug?

Elmarie Claasen

HISP-SA

This message and any attachments are subject to a disclaimer published at http://www.hisp.org/policies.html#comms_disclaimer. Please read the disclaimer before opening any attachment or taking any other action in terms of this electronic transmission. If you cannot access the disclaimer, kindly send an email to disclaimer@hisp.org and a copy will be provided to you. By replying to this e-mail or opening any attachment you agree to be bound by the provisions of the disclaimer.

Hi Elmarie…

Yes, it's true that the shortest might be 90 days, but if you have db access… set the expiry to 2014 or something like that, and everyone has to change their password (obviously… test locally first)


On Tue, Jul 11, 2017 at 9:43 AM, Elmarie Claasen elmarie@hisp.org wrote:


Morten Olav Hansen

Senior Engineer, DHIS 2

University of Oslo

http://www.dhis2.org
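Added example, not part of the original thread and not DHIS 2 code: a sketch of the back-dating approach suggested in the reply, combined with the audit query that gives the assurance asked for in the question. The table and column names, the sample users and dates, and the expiry rule (password older than the expiry period) are assumptions made for illustration; an in-memory SQLite database stands in for the real one.

```python
import sqlite3
from datetime import datetime, timedelta

# Hypothetical schema for illustration; not the DHIS 2 table layout.
SCHEMA = ("CREATE TABLE user_credentials ("
          "username TEXT PRIMARY KEY, password_last_updated TEXT NOT NULL)")
EXPIRY_DAYS = 90  # shortest expiry option mentioned in the thread

def must_reset(conn, username, now):
    """Assumed expiry rule: the password is older than EXPIRY_DAYS."""
    (ts,) = conn.execute("SELECT password_last_updated FROM user_credentials "
                         "WHERE username = ?", (username,)).fetchone()
    return now - datetime.fromisoformat(ts) > timedelta(days=EXPIRY_DAYS)

def unassured_accounts(conn, enforced_from):
    """Passwords set before enforcement began cannot be shown to comply
    (only hashes are stored), so the timestamp is the audit evidence."""
    rows = conn.execute("SELECT username FROM user_credentials "
                        "WHERE password_last_updated < ? ORDER BY username",
                        (enforced_from.isoformat(),))
    return [r[0] for r in rows]

def force_reset(conn, enforced_from, backdate_to):
    """Back-date only pre-enforcement passwords so they count as expired."""
    cur = conn.execute("UPDATE user_credentials SET password_last_updated = ? "
                       "WHERE password_last_updated < ?",
                       (backdate_to.isoformat(), enforced_from.isoformat()))
    conn.commit()
    return cur.rowcount

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    upgrade, now = datetime(2017, 7, 1), datetime(2017, 7, 11)  # constructed dates
    sample = [("alice", datetime(2017, 6, 20)),  # pre-upgrade, not yet expired
              ("bob", datetime(2016, 1, 5)),     # pre-upgrade, already expired
              ("carol", datetime(2017, 7, 5))]   # set under the new rules
    conn.executemany("INSERT INTO user_credentials VALUES (?, ?)",
                     [(u, t.isoformat()) for u, t in sample])
    before = (unassured_accounts(conn, upgrade), must_reset(conn, "alice", now))
    changed = force_reset(conn, upgrade, datetime(2014, 1, 1))
    after = (must_reset(conn, "alice", now), must_reset(conn, "carol", now))
    # alice logs in, is forced to reset, and the application stamps the new time
    conn.execute("UPDATE user_credentials SET password_last_updated = ? "
                 "WHERE username = 'alice'", (now.isoformat(),))
    return before, changed, after, unassured_accounts(conn, upgrade)

if __name__ == "__main__":
    print(demo())
```

The audit list shrinks only as users actually reset, so an empty result from `unassured_accounts` is the evidence that every stored password was set under the new rules.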