...
| Info |
|---|
Passwords are stored in hashes (SHA1) and salted (salt common to the server), and it is therefore not possible to return your password to a user, but only to ask him to create a new one. |
Setting the requirements for internal passwords
It is possible, when using the internal User database authentication, to setpassword validation rules for the standard authentication system of the system.
To access the rules engine, go to the "Server Configuration" > "Administration" > "Authentication Services" section of the application. From there, you can either edit the current rule or create a new one by clicking the "Create a new validation condition" button. When creating a new rule, you can give it a name and select the desired options for password validation. It is possible to have multiple rules active at the same time, in which case they will be combined.
These rules can be used to specify requirements for passwords, such as :
minimum length,
complexity : number of uppercase, lowercase, and punctuation characters they must contain,
prevent password reuse : since version
: there is also a password logging option that prevents users from reusing the same password more than once. This option can be activated by adding a new validation rule and selecting the "Historization passwords" validation engine.Status colour Purple title 10.5.16
There is also an option to force users to change their passwords every certain number of days. This option can be configured in the "Global Settings" tab. If the value is set to 0, users will never be prompted to change their passwords.
When modified, a rule does not affect existing passwords.