Entries tagged [password]

Friday Jan 14, 2011

https://id.apache.org -- New Password Service

Folks,

The infrastructure team are pleased to announce the availability of id.apache.org, the new password management tool for all ASF committers and members. This new service will allow users to:

  1. Reset forgotten LDAP passwords themselves, with no need to contact the Infra team anymore.
  2. Change their LDAP password.
  3. Update their LDAP record, i.e. change forename, surname or mail attributes [1].

Users should note that this service will only allow you to manage your LDAP password, thus controlling access to those resources currently protected by LDAP authnz.

Once logged in you will note that some fields are not editable. This is by design; they are there merely to show you your LDAP entry. You are currently only allowed to edit your Surname, Given name (Forename), and Mail attributes. This list may be extended as we make more features available, and additions will be announced as and when.

Users of this service should note that we have a few small bugs to iron out, and this will be done as soon as possible. For example, if you attempt to modify your details and do not re-enter your password, you will currently see a generic HTTP 500 error.

Thanks must go to Ian Boston (ieb), and Daniel Shahaf (danielsh) for making this work. Ian provided the initial code (his first ever attempt at Python too). Daniel then took it and implemented several changes and generally improved the backend.

[1] - It should be noted that updating your mail record in LDAP will not currently have any effect on where your apache.org email is forwarded to. This is planned to take place later this year.

Friday Dec 17, 2010

LDAP and password policy

As of approximately 03:00 (UTC) today the infrastructure team have enabled a password policy for all LDAP accounts.
This policy has been implemented at the LDAP infrastructure level and will affect all users. It has been deployed using OpenLDAP's password policy schema and overlay.

At the time of launch we will be enforcing the following policy:

  • At the time of a given user's 10th successive login failure the account will be locked.
  • The account will then be automatically unlocked 24 hours later, unless a member of root@ unlocks it for you before then.
  • If the user successfully completes a login before the tally reaches 10, the counter for failed logins is reset back to 0.

We are enabling this to try to prevent any brute-force attempt at guessing passwords. It will also highlight potential issues with accounts.

As with all account-related queries, you should contact root@. We will be able to unlock your account for you, allowing you to gain access.
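
The following is an added example, not code from the ASF infrastructure team: a small Python report that reads the operational attributes the OpenLDAP password policy overlay maintains (`pwdFailureTime`, `pwdAccountLockedTime`) and classifies accounts against the 10-failure, 24-hour policy described above. The sample entries, the DNs and the `WARN_AT` threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_FAILURES = 10              # from the post: lock on the 10th successive failure
LOCKOUT = timedelta(hours=24)  # from the post: automatic unlock 24 hours later
WARN_AT = 5                    # assumption: flag accounts halfway to lockout

def parse_gt(value):
    """Parse LDAP generalized time (UTC), ignoring any fractional seconds."""
    return datetime.strptime(value[:14], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_entries(ldif_text):
    """Parse simple LDIF (no folding or base64) into {dn: {attr: [values]}}."""
    entries = {}
    for block in ldif_text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, val = line.partition(": ")
            if sep and not line.startswith("#"):
                attrs.setdefault(key, []).append(val.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0]] = attrs
    return entries

def lockout_report(ldif_text, now):
    """Classify each entry as locked, lock-expired, at-risk or ok."""
    report = {}
    for dn, attrs in parse_entries(ldif_text).items():
        failures = len(attrs.get("pwdFailureTime", []))
        locked = attrs.get("pwdAccountLockedTime")
        if locked:
            unlock = parse_gt(locked[0]) + LOCKOUT
            report[dn] = ("locked" if unlock > now else "lock-expired", unlock)
        elif failures >= WARN_AT:
            report[dn] = ("at-risk", MAX_FAILURES - failures)
        else:
            report[dn] = ("ok", failures)
    return report

def sample_entry(uid, failures, locked=None):
    """Build one constructed entry; DNs and timestamps are made up."""
    lines = [f"dn: uid={uid},ou=people,dc=example,dc=org"]
    lines += [f"pwdFailureTime: 201012170500{i:02d}Z" for i in range(failures)]
    if locked:
        lines.append(f"pwdAccountLockedTime: {locked}")
    return "\n".join(lines)

SAMPLE = "\n\n".join([sample_entry("alice", 2), sample_entry("carol", 7),
                      sample_entry("bob", 10, "20101217050009Z")])

if __name__ == "__main__":
    now = datetime(2010, 12, 17, 12, 0, tzinfo=timezone.utc)
    for dn, (state, detail) in lockout_report(SAMPLE, now).items():
        print(dn, state, detail)
```

Both attributes are operational, so an LDAP search has to request them explicitly for them to appear in the input.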
