archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Olivier Lamy <ol...@apache.org>
Subject Re: Disable password timeout, reset
Date Thu, 01 Oct 2015 11:47:43 GMT
Hi,

On 1 October 2015 at 02:11, Thad Humphries <thad.humphries@gmail.com> wrote:

> I set up an Archiva 2.2 server a while back, and thought I'd succeeded in
> disabling the requirement to renew the password after so many days, not
> allow reuse of the last X number of passwords, etc. Earlier this week I was
> rudely surprised to find that I had to reset my password. How can I stop
> this?
>
> I am running Archiva on port 8080, starting it with
>
> $ cd /opt/apache-archiva-2.2.0
> $ nohup bin/archiva console start &
>
> I created a ~/.m2/security.properties file based on the one at
> http://archiva.apache.org/docs/2.2.0/adminguide/customising-security.html.
> Mine is shown below. The two properties in bold I thought would disable
> password expiration.
>
> #
> http://archiva.apache.org/docs/2.2.0/adminguide/customising-security.html
> #
>
> https://github.com/apache/archiva-redback-core/blob/master/redback-configuration/src/main/resources/org/apache/archiva/redback/config-defaults.properties
>
> # Security Policies
> #security.policy.password.encoder=
>
>
> *security.policy.password.previous.count=-1security.policy.password.expiration.enabled=false*
> security.policy.password.expiration.days=180
> security.policy.password.expiration.notify.days=10
> security.policy.allowed.login.attempt=10
>
> # Password Rules
> security.policy.password.rule.alphanumeric.enabled=false
> security.policy.password.rule.alphacount.enabled=true
> security.policy.password.rule.alphacount.minimum=1
> security.policy.password.rule.characterlength.enabled=true
> security.policy.password.rule.characterlength.minimum=1
> security.policy.password.rule.characterlength.maximum=8
> security.policy.password.rule.musthave.enabled=true
> security.policy.password.rule.numericalcount.enabled=true
> security.policy.password.rule.numericalcount.minimum=1
> security.policy.password.rule.reuse.enabled=true
> security.policy.password.rule.nowhitespace.enabled=true
>
>
> Maybe that's not enough? In looking a the archiva-redback-core on GitHub, I
> see *two additional settings* under Security Policies:
>
> # turn off the perclick enforcement of various security policies, slightly
> # more heavyweight since it will ensure that the User object on each click
> # is up to date
> security.policy.strict.enforcement.enabled=true
> security.policy.strict.force.password.change.enabled=true
>
> So, if I add these properties to my ~/.m2/security.properties file, set
> both to false, kill Archiva and restart it, will this disable the password
> reset requirement? If not, how can I do so?
>

That should work otherwise you are facing a bug :-(
You can use a file located here as well
${appserver.home}/conf/security.properties


>
> --
> "Hell hath no limits, nor is circumscrib'd In one self-place; but where we
> are is hell, And where hell is, there must we ever be" --Christopher
> Marlowe, *Doctor Faustus* (v. 121-24)
>



-- 
Olivier Lamy
http://twitter.com/olamy | http://linkedin.com/in/olamy

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message