Feature #25232
Feature #47765 (closed): mgr/dashboard: security improvements
mgr/dashboard: Support minimum password complexity rules
Description
For local accounts, passwords should adhere to some basic complexity rules.
Suggested rules:
- at least 6 chars in length
- must not be the same as the user account name
- consist of characters from the following groups
  - alphabetic a-z, A-Z
  - numbers 0-9
  - special chars: !_@
- must use at least 1 special char
Updated by Lenz Grimmer almost 6 years ago
- Subject changed from mgr/dashboard support minimum password complexity rules to mgr/dashboard: Support minimum password complexity rules
Updated by Lenz Grimmer about 5 years ago
- Tags set to security
- Target version deleted (v14.0.0)
- Tags deleted (dashboard, user)
Updated by Elzbieta Dziomdziora almost 5 years ago
- Assignee set to Elzbieta Dziomdziora
Updated by Elzbieta Dziomdziora almost 5 years ago
- Status changed from New to In Progress
Updated by Elzbieta Dziomdziora almost 5 years ago
- Status changed from In Progress to Fix Under Review
- Pull request ID set to 28693
Updated by Elzbieta Dziomdziora almost 5 years ago
- Pull request ID changed from 28693 to 28694
Updated by Lenz Grimmer almost 5 years ago
- Related to Feature #40248: mgr/dashboard: As a user, I want to change my password added
Updated by Lenz Grimmer almost 5 years ago
- Related to Feature #25229: mgr/dashboard: Provide user enable/disable capability added
Updated by Lenz Grimmer almost 5 years ago
- Related to Feature #24655: mgr/dashboard: Enforce password change upon first login added
Updated by Lenz Grimmer almost 5 years ago
- Related to Feature #40329: mgr/dashboard: It should be possible to set an expiration date for the user password added
Updated by Lenz Grimmer almost 5 years ago
- Related to Feature #39999: mgr/dashboard: Prevent brute-force/dictionary attacks against existing local user accounts added
Updated by Elzbieta Dziomdziora almost 5 years ago
- Pull request ID changed from 28694 to 29312
Updated by Elzbieta Dziomdziora almost 5 years ago
According to the conversation in PR28694 https://github.com/ceph/ceph/pull/28694 there are required rules:
- Checks if it contains the username
- Checks if it doesn't contain forbidden words (list of forbidden words: OSD, Host, Dashboard, Pool, Block, NFS, ceph, Monitors, Gateway, Logs, CRUSH, maps) <- maybe someone can add some words to the list.
- Checks if the password is the same as the previous one
- Checks if it has repetitive characters (three or more identical characters next to each other)
- Checks if the password contains sequential characters ("1234")
Except for that there is a credit system:
- Every password needs to get a min rate of 10 credits.
- For every character length a password gets +1 credit.
- For having mixed upper & lowercase letters +2 credits.
- For having numbers +1
- For having symbols +3
- For having non-western alphanumeric chars +5 credits
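The rules and credit system listed in the comment above, as an added Python sketch that is not part of the original comment and is not the Ceph dashboard's own code. The function names, the sequence length of 3, case-insensitive matching, and the character classes for "symbols" and "non-western alphanumeric" are assumptions.

```python
import re
import string

# Forbidden words as listed in the comment above, lowercased for matching.
FORBIDDEN_WORDS = ("osd", "host", "dashboard", "pool", "block", "nfs",
                   "ceph", "monitors", "gateway", "logs", "crush", "maps")
MIN_CREDITS = 10
SEQ_LEN = 3  # assumption: the comment only gives "1234" as an example


def has_sequence(password, run=SEQ_LEN):
    """True if `run` adjacent characters have ascending code points."""
    streak = 1
    for prev, cur in zip(password, password[1:]):
        streak = streak + 1 if ord(cur) - ord(prev) == 1 else 1
        if streak >= run:
            return True
    return False


def credits(password):
    """Score a password; the character classes used here are assumptions."""
    score = len(password)  # +1 per character
    if any(c.islower() for c in password) and any(c.isupper() for c in password):
        score += 2  # mixed upper and lower case
    score += 1 if any(c in string.digits for c in password) else 0
    score += 3 if any(c in string.punctuation for c in password) else 0
    # "non-western alphanumeric" read as non-ASCII letters or digits
    score += 5 if any(c.isalnum() and not c.isascii() for c in password) else 0
    return score


def check_password(password, username, old_password=None):
    """Return the violated rules; an empty list means the password passes."""
    lowered = password.lower()  # assumption: case-insensitive matching
    problems = []
    if username and username.lower() in lowered:
        problems.append("contains username")
    if any(word in lowered for word in FORBIDDEN_WORDS):
        problems.append("contains forbidden word")
    if old_password is not None and password == old_password:
        problems.append("same as previous password")
    if re.search(r"(.)\1\1", password):  # three identical chars in a row
        problems.append("repetitive characters")
    if has_sequence(password):
        problems.append("sequential characters")
    if credits(password) < MIN_CREDITS:
        problems.append("fewer than %d credits" % MIN_CREDITS)
    return problems
```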
Updated by Stephan Müller over 4 years ago
- Related to Feature #41789: mgr/dashboard: Passwords have a minimum length added
Updated by Nathan Cutler over 4 years ago
- Status changed from Fix Under Review to New
- Pull request ID deleted (29312)
https://github.com/ceph/ceph/pull/29312 was closed
Updated by Nathan Cutler over 4 years ago
- Status changed from New to Fix Under Review
- Pull request ID set to 29532
Updated by Lenz Grimmer over 4 years ago
- Status changed from Fix Under Review to Resolved
Thanks a lot for your contribution, Elżbieta!
Updated by Lenz Grimmer over 4 years ago
- Related to Documentation #42165: mgr/dashboard: Document new password requirements in the installation documentation added
Updated by Ernesto Puerta almost 4 years ago
- Status changed from Resolved to Pending Backport
- Backport set to nautilus
Updated by Ernesto Puerta almost 4 years ago
- Copied to Backport #46837: nautilus: mgr/dashboard: user management improvements (password change, password complexity, ...) added
Updated by Ernesto Puerta over 3 years ago
- Status changed from Pending Backport to Closed
- Backport deleted (nautilus)
For a clean/safe backport it requires more than 11 additional PRs.
Closing.
Updated by Ernesto Puerta about 3 years ago
- Project changed from mgr to Dashboard
- Category changed from 150 to Component - Users & Roles