Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org
Other
7.4k stars 1.06k forks source link

add option for user password rules (complexity/length) #5283

Open jalogisch opened 5 years ago

jalogisch commented 5 years ago

Expected Behavior

It should be possible to configure rules for the passwords in Graylog to apply local policies to the Graylog local users.

Context

Current Graylog only has 6 character limit on the passwords for local users but did not allow to adjust the rules for user passwords to the local rules. That could be a longer password or a given complexity.

This would add more security and would allow users to apply with auditor given rules and their local Graylog users.

Your Environment

HS-752580481

vinnimin commented 4 years ago

Hello guys, is that functionality was added to graylog? Are there any prediction when we will have it? Thanks.

patrickmann commented 2 years ago

Another user has requested the ability to set password length / complexity / retry attempts.

Bernie-at-Graylog commented 2 years ago

"Enterprise customer requesting this feature in HS-752580481"

bernd commented 2 years ago

@boosty Ping

StefanTheGerman commented 1 year ago

Enterprise customer requesting this feature in HS-1620760652

martinmdp commented 5 months ago

Hi, please add this improvement, it is really necessary in terms of information security, I had to configure an LDAP server to meet security requirements

dunn-graylog commented 3 months ago

Giving this a bump, request from HS-16309434394.

Assuming Graylog can't reach external identity sources then the policy must be able to be set directly on Graylog.

tumauwt commented 1 day ago

If Graylog expects to meet US Federal Government security standards or even sane industry security standards, this feature is a must have. Even leveraging external identity sources does not alleviate Graylog of the responsibility to ensure Local Accounts are adequately protected with support for password complexity policies.