Closed tangobravo62 closed 3 years ago
A password command was added to the CLI, and passwords now need to conform to the following rules:
Note that the backend service of the User Manager cannot detect whether a password was actually changed, because, due to the BCrypt algorithm used, the same password may yield different salted hashes with each encryption run. It is the responsibility of the calling component (CLI, GUI) to make sure that the password was indeed altered (and that it conforms to any applicable password policy).
Currently only a user with privilege ROLE_USERMGR can change passwords. This shall extend to all users, and passwords entered shall be validated against password rules.
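The salted-hash behaviour described in the note above, as an added example that is not code from the project: it shows why comparing two stored hashes cannot reveal an unchanged password, and how a component holding the new plaintext and the stored hash can still check for one. Assumptions: PBKDF2-HMAC-SHA256 from the Python standard library stands in for BCrypt (both store a fresh random salt with the digest), and all function names and sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumption: PBKDF2-HMAC-SHA256 stands in for BCrypt so the example runs
# with the standard library only. The property shown (fresh salt per hash)
# is the same.
ITERATIONS = 100_000


def hash_password(password: str) -> str:
    """Hash with a fresh random salt; stored form is 'salt_hex$digest_hex'."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def change_password(stored: str, new_password: str) -> str:
    """Return the new stored hash; reject a 'change' to the same password."""
    # Comparing hash_password(new_password) with `stored` would never match,
    # because the salts differ. Verifying against the stored salt does work.
    if verify_password(new_password, stored):
        raise ValueError("new password is identical to the current one")
    return hash_password(new_password)


if __name__ == "__main__":
    current = hash_password("Old-Passphrase-1")  # constructed sample value
    # Same password, two runs, two different stored hashes:
    print(hash_password("Old-Passphrase-1") == current)
    try:
        change_password(current, "Old-Passphrase-1")
    except ValueError as exc:
        print("rejected:", exc)
    updated = change_password(current, "New-Passphrase-2")
    print(verify_password("New-Passphrase-2", updated))
```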