dhis2-devs team mailing list archive

Thread
Date

2.27 password constraints enforced

To: DHIS 2 Developers list <dhis2-devs@xxxxxxxxxxxxxxxxxxx>, DHIS 2 Users list <dhis2-users@xxxxxxxxxxxxxxxxxxx>
From: Elmarie Claasen <elmarie@xxxxxxxx>
Date: Tue, 11 Jul 2017 03:43:28 +0200

Hi all,

I would like to clarify the following;

2.27 enforces the password requirement of at least 1 UPPERCASE, lowercase,
numeric and non-alpha-numeric character and specified length for new users,
password resets including password reset when password expiry is turned on.
These enhancements are all good for us from an auditing perspective.  It
does not however enforce password reset on first login to a 2.27 instance
when the password does not comply to the new requirements. We would need to
give assurance that the new password requirement has been enforced by the
system. I was looking qt shortening the password expiry but the shortest
option is 90 days.

Is this by design or a bug?

Elmarie Claasen
HISP-SA

-- 


*This message and any attachments are subject to a disclaimer published at 
http://www.hisp.org/policies.html#comms_disclaimer 
<http://www.hisp.org/policies.html#comms_disclaimer>.  Please read the 
disclaimer before opening any attachment or taking any other action in 
terms of this electronic transmission.  If you cannot access the 
disclaimer, kindly send an email to disclaimer@xxxxxxxx 
<disclaimer@xxxxxxxx> and a copy will be provided to you. By replying to 
this e-mail or opening any attachment you agree to be bound by the 
provisions of the disclaimer.*

Follow ups

Re: [Dhis2-users] 2.27 password constraints enforced
From: Morten Olav Hansen, 2017-07-13