mgr/dashboard: Support minimum password complexity rules
For local accounts, password should adhere to some basic complexity rules
- at least 6 chars in length
- must not be the same as the user account name
- consist of characters from the following groups
- alphabetic a-z, A-Z
- numbers 0-9
- special chars: !_@
- must use at least 1 special char
#15 Updated by Elzbieta Dziomdziora 12 days ago
According to the coversation in PR28694 https://github.com/ceph/ceph/pull/28694 there are required rules:
Checks if it contains the username
Checks if it doesnt contains forbidden words (list of forbidden words: OSD, Host, Dashboard, Pool, Block, NFS, ceph, Monitors, Gateway, Logs, CRUSH, maps) <- maybe someone can add some words to the list.
Checks if the password the same as previous one
Checks if it has repetetive charackters(three or more identical charackters next to each other)
Checks if the password contains sequentials characters ( "1234")
Except for that there is a credit system:
Every password need to get a min rate of 10 credits.
For every character length a password gets +1 credit.
For having mixed upper & lowercase letters +2 credit.
For having numbers +1
For having symbols +3
For having non-western alphanumeric chars +5 credits