[MDEV-6554] Password security compliance check Created: 2014-08-08  Updated: 2015-10-31  Resolved: 2015-02-17

Status: Closed
Project: MariaDB Server
Component/s: Plugins
Fix Version/s: N/A

Type: Task
Priority: Major
Reporter: Aleksej Trofimov
Assignee: Sergei Golubchik
Resolution: Duplicate
Votes: 0
Labels: None

Issue Links:
Duplicate
is duplicated by MDEV-7597 Expiration of user passwords Closed
is duplicated by MDEV-7598 Block user accounts after failed logi... Closed
Relates
relates to MDEV-6431 password validation Closed

 Description   

Hi All,
as per enterprise security requirements, I just wanted to ask if it's possible to extend the complexity policies to meet certain password requirements, like:
enforce a password expiration period, like a configurable parameter of the password policy? After a certain amount of time the password expires and gets invalidated?

In addition, in order to be fully security compliant, previous passwords should be saved in order to force the user not to repeat the previous N passwords. That feature can currently be implemented using triggers; however, a superuser always has the possibility to replace or change the trigger, so an embedded mechanism would be preferable =)

Thank you!



 Comments   
Comment by Sergei Golubchik [ 2014-08-22 ]

Password expiration: yes, possible. I've put a tentative version of 10.2, but this can be changed.

To save previous passwords — a password validation plugin (MDEV-6431) can easily do that. But it might require support for multiple password validation plugins.

Comment by Colin Charles [ 2015-01-22 ]

As a design note, Adam Scott (adam.c.scott@gmail.com) on the mailing list says:
For MDEV-6554 you may want to add the ability to prevent 3 or more repeating characters and not match the account id.

Comment by Sergei Golubchik [ 2015-02-17 ]

Split and moved to MDEV-7597 and MDEV-7598
