search

gandres / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

Password requirements won't allow numbers or special characters #449

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Install from source (svn co), or the latest two zip files
2. Go to change password
3. Read the requirement "Must not include any numeric characters"
4. Update in the ConfigManager to allow (true) numbers in passwords
5. Double check WEB-INF/PwmConfiguration.xml and force 
`password.policy.allowNumeric` to have the subkey `<value>true</value>`
6. Restart tomcat7 just in case...

I expect that numbers will be allowed but they will not, no matter what my 
settings are.

I'm using the latest version from SVN with OpenLDAP 2.4.28

Checking the logs I see the following entry:

Fri Aug 16 11:16:23 CDT 2013, INFO , password.pwm.PwmApplication, loaded pwm 
global password policy: PwmPasswordPolicy: {MinimumLowerCase=0, 
MinimumSpecial=1, MaximumUpperCase=0, MaximumNumeric=0, MaximumOldChars=0, 
EnableWordlist=true, MinimumLifetime=0, RegExMatch=, MinimumUnique=0, 
MinimumNonAlpha=0, DisallowedAttributes=[cn, givenName, sn], 
DisallowCurrent=true, MinimumStrength=0, AllowNumeric=true, ChangeMessage=, 
MinimumAlpha=0, MaximumLowerCase=0, AllowSpecial=false, ADComplexity=false, 
MaximumLength=0, MaximumRepeat=0, AllowFirstCharNumeric=true, MinimumLength=7, 
MaximumSequentialRepeat=0, AllowLastCharSpecial=false, MinimumNumeric=0, 
MaximumAlpha=0, RegExNoMatch=, MaximumNonAlpha=0, MaximumSpecial=0, 
MinimumUpperCase=0, AllowFirstCharSpecial=false, DisallowedValues=[password, 
test], AllowLastCharNumeric=true}

Especially the attribute "AllowNumeric=true" implies that this should be 
functional. However, it still is not.

I've tried with the Password policy source as "Local", "Merged", and "PWM". 
None of the settings offers a working configuration. 

Help?

Original issue reported on code.google.com by rasche.e...@gmail.com on 16 Aug 2013 at 4:29

GoogleCodeExporter commented 9 years ago 
The issue has magically and inexplicably resolved itself.

Original comment by rasche.e...@gmail.com on 16 Aug 2013 at 4:39

GoogleCodeExporter commented 9 years ago 
Hooray for magic.  In the future, please ask for help on the pwm-general google 
group.  These issues are for reporting defects.

Original comment by jrivard on 16 Aug 2013 at 4:40

GoogleCodeExporter commented 9 years ago 
Will do. Cheers.

Original comment by rasche.e...@gmail.com on 16 Aug 2013 at 4:44

GoogleCodeExporter commented 9 years ago 
I have the same issue: 
allow numeric but number is still not allowed in the password.
checked WEB-INF/PwmConfiguration.xml and `password.policy.allowNumeric` is 
default, even I manually set it to `<value>true</value>`, then restart tomcat7, 
still cannot make it work.

version: pwm1.7.1

Thanks

Original comment by baolima2...@gmail.com on 16 May 2014 at 12:50