Creating a plugin to manage password policy settings

[guillaume-paradis-telus]

Hi!

We plan on using Pydio 8 Community for exchanging files with one of our business partners, but they asked to have access to manage their user accounts. While we can do that with groups, we need to make sure minimum password policies are respected. Unfortunately, 2FA does not seem like a viable solution, as their users may not have a phone to install Google Authenticator on.

We want to contribute to the Pydio project by helping develop a password policy plugin where the password policies can be configured, and enforced in the GUI, when the user changes his password, or when an account is being created.

Here are the proposed password policy features:

• Password complexity (number of alpha/numeric/other characters)
• Password age warning (sending e-mail X days after last password change)
• Password age hard limit (sending e-mail and forcing password change X days after last password change)
• Limit reuse of the last X passwords
• Limit use of userid and first / last name in password
• Limit use of specific words in password

Some questions:

• Can you direct me to some documentation around creating such a plugin?
• Which type of plugin would that be, core. or action.?
• Is action.skeleton a good starting point?
• How would I plug into specific events like submitting a password change?

Any help or guidance is welcome!!

Thanks!

[cdujeu]

hi guillaume - actually the Enterprise Distribution does provide such a plugin. Any plans to have you switch to this distribution instead ? :-)