Feature #25232

mgr/dashboard: Support minimum password complexity rules

Added by Paul Cuzner over 1 year ago. Updated about 2 months ago.

Status: Resolved
Priority: Normal
Category: dashboard/usermgmt
Target version:
Start date: 08/02/2018
Due date:
% Done: 0%
Source:
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

For local accounts, passwords should adhere to some basic complexity rules.

Suggested rules:
- at least 6 chars in length
- must not be the same as the user account name
- consist of characters from the following groups
  - alphabetic a-z, A-Z
  - numbers 0-9
  - special chars: !_@
- must use at least 1 special char


Related issues

Related to mgr - Feature #40248: mgr/dashboard: As a user, I want to change my password Resolved 06/10/2019
Related to mgr - Feature #25229: mgr/dashboard: Provide user enable/disable capability Resolved 08/02/2018
Related to mgr - Feature #24655: mgr/dashboard: Enforce password change upon first login Need Review 06/25/2018
Related to mgr - Feature #40329: mgr/dashboard: It should be possible to set an expiration date for the user password In Progress 07/18/2019
Related to mgr - Feature #39999: mgr/dashboard: Prevent brute-force/dictionary attacks against existing local user accounts New 05/22/2019
Related to mgr - Feature #41789: mgr/dashboard: Passwords have a minimum length Closed 09/12/2019
Related to mgr - Documentation #42165: mgr/dashboard: Document new password requirements in the installation documentation New 10/02/2019

History

#1 Updated by Lenz Grimmer about 1 year ago

  • Subject changed from mgr/dashboard support minimum password complexity rules to mgr/dashboard: Support minimum password complexity rules

#2 Updated by Lenz Grimmer about 1 year ago

  • Category changed from dashboard/general to dashboard/usermgmt

#3 Updated by Lenz Grimmer 6 months ago

  • Tags set to security
  • Target version deleted (v14.0.0)
  • Tags deleted (dashboard, user)

#4 Updated by Elzbieta Dziomdziora 5 months ago

  • Assignee set to Elzbieta Dziomdziora

#5 Updated by Elzbieta Dziomdziora 5 months ago

  • Status changed from New to In Progress

#6 Updated by Elzbieta Dziomdziora 5 months ago

  • Status changed from In Progress to Need Review
  • Pull request ID set to 28693

#7 Updated by Elzbieta Dziomdziora 5 months ago

  • Pull request ID changed from 28693 to 28694

#8 Updated by Lenz Grimmer 4 months ago

  • Target version set to v15.0.0

#9 Updated by Lenz Grimmer 4 months ago

  • Related to Feature #40248: mgr/dashboard: As a user, I want to change my password added

#10 Updated by Lenz Grimmer 4 months ago

  • Related to Feature #25229: mgr/dashboard: Provide user enable/disable capability added

#11 Updated by Lenz Grimmer 4 months ago

  • Related to Feature #24655: mgr/dashboard: Enforce password change upon first login added

#12 Updated by Lenz Grimmer 4 months ago

  • Related to Feature #40329: mgr/dashboard: It should be possible to set an expiration date for the user password added

#13 Updated by Lenz Grimmer 4 months ago

  • Related to Feature #39999: mgr/dashboard: Prevent brute-force/dictionary attacks against existing local user accounts added

#14 Updated by Elzbieta Dziomdziora 4 months ago

  • Pull request ID changed from 28694 to 29312

#15 Updated by Elzbieta Dziomdziora 3 months ago

According to the conversation in PR28694 https://github.com/ceph/ceph/pull/28694 there are required rules:

- Checks if it contains the username
- Checks if it doesn't contain forbidden words (list of forbidden words: OSD, Host, Dashboard, Pool, Block, NFS, ceph, Monitors, Gateway, Logs, CRUSH, maps) <- maybe someone can add some words to the list.
- Checks if the password is the same as the previous one
- Checks if it has repetitive characters (three or more identical characters next to each other)
- Checks if the password contains sequential characters ("1234")

Except for that there is a credit system:

- Every password needs to get a min rate of 10 credits.
- For every character length a password gets +1 credit.
- For having mixed upper & lowercase letters +2 credits.
- For having numbers +1
- For having symbols +3
- For having non-western alphanumeric chars +5 credits
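
The rules and credit system listed in comment #15, as an added Python example (not part of the original comment and not the code from the Ceph pull request). Assumptions: matching is case-insensitive, a sequence means three or more ascending characters, "symbols" means ASCII punctuation, and "non-western alphanumeric" means non-ASCII alphanumeric characters; the function names are hypothetical.

```python
import re
import string

# Forbidden words, credit values and the minimum are taken from comment #15.
FORBIDDEN_WORDS = ["OSD", "Host", "Dashboard", "Pool", "Block", "NFS", "ceph",
                   "Monitors", "Gateway", "Logs", "CRUSH", "maps"]
MIN_CREDITS = 10


def has_sequence(password, length=3):  # assumption: comment only shows "1234"
    """True if `length` or more characters ascend by one code point each."""
    run = 1
    for prev, cur in zip(password, password[1:]):
        run = run + 1 if ord(cur) - ord(prev) == 1 else 1
        if run >= length:
            return True
    return False


def credits(password):
    """Score a password with the credit system from comment #15."""
    score = len(password)                        # +1 per character
    if any(c.islower() for c in password) and any(c.isupper() for c in password):
        score += 2                               # mixed upper and lower case
    if any(c in string.digits for c in password):
        score += 1                               # numbers
    if any(c in string.punctuation for c in password):
        score += 3                               # symbols (assumed: ASCII punctuation)
    if any(ord(c) > 127 and c.isalnum() for c in password):
        score += 5                               # assumed: non-ASCII alphanumerics
    return score


def check_password(password, username, old_password=None):
    """Return the list of violated rules; an empty list means accepted."""
    lowered, errors = password.lower(), []
    if username and username.lower() in lowered:
        errors.append("contains username")
    if any(word.lower() in lowered for word in FORBIDDEN_WORDS):
        errors.append("contains forbidden word")
    if old_password is not None and password == old_password:
        errors.append("same as previous password")
    if re.search(r"(.)\1\1", password):
        errors.append("repetitive characters")
    if has_sequence(password):
        errors.append("sequential characters")
    if credits(password) < MIN_CREDITS:
        errors.append("fewer than %d credits" % MIN_CREDITS)
    return errors
```

Returning every violated rule rather than stopping at the first lets a form show the user all problems with a rejected password at once.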

#16 Updated by Stephan Müller 2 months ago

  • Related to Feature #41789: mgr/dashboard: Passwords have a minimum length added

#17 Updated by Nathan Cutler about 2 months ago

  • Status changed from Need Review to New
  • Pull request ID deleted (29312)

#18 Updated by Nathan Cutler about 2 months ago

  • Status changed from New to Need Review
  • Pull request ID set to 29532

#19 Updated by Lenz Grimmer about 2 months ago

  • Status changed from Need Review to Resolved

Thanks a lot for your contribution, Elżbieta!

#20 Updated by Lenz Grimmer about 1 month ago

  • Related to Documentation #42165: mgr/dashboard: Document new password requirements in the installation documentation added
