search

fbordina / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

Password requirements won't allow numbers or special characters #449

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Install from source (svn co), or the latest two zip files
2. Go to change password
3. Read the requirement "Must not include any numeric characters"
4. Update in the ConfigManager to allow (true) numbers in passwords
5. Double check WEB-INF/PwmConfiguration.xml and force 
`password.policy.allowNumeric` to have the subkey `<value>true</value>`
6. Restart tomcat7 just in case...

I expect that numbers will be allowed but they will not, no matter what my 
settings are.

I'm using the latest version from SVN with OpenLDAP 2.4.28

Checking the logs I see the following entry:

Fri Aug 16 11:16:23 CDT 2013, INFO , password.pwm.PwmApplication, loaded pwm 
global password policy: PwmPasswordPolicy: {MinimumLowerCase=0, 
MinimumSpecial=1, MaximumUpperCase=0, MaximumNumeric=0, MaximumOldChars=0, 
EnableWordlist=true, MinimumLifetime=0, RegExMatch=, MinimumUnique=0, 
MinimumNonAlpha=0, DisallowedAttributes=[cn, givenName, sn], 
DisallowCurrent=true, MinimumStrength=0, AllowNumeric=true, ChangeMessage=, 
MinimumAlpha=0, MaximumLowerCase=0, AllowSpecial=false, ADComplexity=false, 
MaximumLength=0, MaximumRepeat=0, AllowFirstCharNumeric=true, MinimumLength=7, 
MaximumSequentialRepeat=0, AllowLastCharSpecial=false, MinimumNumeric=0, 
MaximumAlpha=0, RegExNoMatch=, MaximumNonAlpha=0, MaximumSpecial=0, 
MinimumUpperCase=0, AllowFirstCharSpecial=false, DisallowedValues=[password, 
test], AllowLastCharNumeric=true}

Especially the attribute "AllowNumeric=true" implies that this should be 
functional. However, it still is not.

I've tried with the Password policy source as "Local", "Merged", and "PWM". 
None of the settings offers a working configuration. 

Help?

Original issue reported on code.google.com by rasche.e...@gmail.com on 16 Aug 2013 at 4:29

GoogleCodeExporter commented 9 years ago 
The issue has magically and inexplicably resolved itself.

Original comment by rasche.e...@gmail.com on 16 Aug 2013 at 4:39

GoogleCodeExporter commented 9 years ago 
Hooray for magic.  In the future, please ask for help on the pwm-general google 
group.  These issues are for reporting defects.

Original comment by jrivard on 16 Aug 2013 at 4:40

GoogleCodeExporter commented 9 years ago 
Will do. Cheers.

Original comment by rasche.e...@gmail.com on 16 Aug 2013 at 4:44

GoogleCodeExporter commented 9 years ago 
I have the same issue: 
allow numeric but number is still not allowed in the password.
checked WEB-INF/PwmConfiguration.xml and `password.policy.allowNumeric` is 
default, even I manually set it to `<value>true</value>`, then restart tomcat7, 
still cannot make it work.

version: pwm1.7.1

Thanks

Original comment by baolima2...@gmail.com on 16 May 2014 at 12:50

GoogleCodeExporter commented 9 years ago 
Had the same issue -- after changing Password Policy to local, you also need to 
clean up pwm fields from the LDAP -- probably only event log. I assume it 
contains user-specific policy settings, which override the global PWM settings.

Original comment by tagir.ba...@gmail.com on 19 May 2015 at 12:45