How we can improve our password policy into OTRS?

mmanara · Post by **mmanara** » 04 Mar 2020, 20:00

Hello,

I am using OTRS Version: 6.0.23. There's a standard way to setup a password policy? E.g.
- Force user to change password every x months
- Have a mandatory number of specials chars
- Define a password blacklist

Further, how to check if the current password are compliant with the policy implemented?

Thanks.

Massimo

zzz · Post by **zzz** » 04 Mar 2020, 20:04

Hey,

This free add-on might do what you're looking for https://www.znuny.com/add-ons/password-policy

Checking if the current password matches the policy is not possible by default. You'd need to add some custom code in the authentification module.

But you could 'force' everyone to set a new password after the installation of the add-on, even if the password is the same.

Best regards
Emin

mmanara · Post by **mmanara** » 04 Mar 2020, 20:07

Thanks Emin for your confirmation!

Post by **root** » 04 Mar 2020, 20:29

zzz wrote: ↑04 Mar 2020, 20:04 But you could 'force' everyone to set a new password after the installation of the add-on, even if the password is the same.

Hi,

A password request is enforced after the module is installed. But keep in mind this only works for the DB AuthModule. Enforcing a password policy e.g. for Active Directory needs to be done on by domain policy.

- Roy

mmanara · Post by **mmanara** » 04 Mar 2020, 20:53

Thanks Roy!

Znuny Open Source Ticketsystem

How we can improve our password policy into OTRS?

How we can improve our password policy into OTRS?

Re: How we can improve our password policy into OTRS?

Re: How we can improve our password policy into OTRS?

Re: How we can improve our password policy into OTRS?

Re: How we can improve our password policy into OTRS?