next up previous contents
Next: IEP Data Overview Up: Open Administration for Schools Previous: Data Tables / Scripts

Password Policy

Configuration values are stored in the etc/admin.conf configuration file for each school. There are 2 groups; one for student passwords and one for staff passwords.

$g_studentpwd_minlen = 4;
$g_studentpwd_maxlen = 6;
$g_studentpwd_genlen = 6;
$g_studentpwd_signs = 0;
$g_studentpwd_caps = 0;

# Staff Password Generation
$g_staffpwd_minlen = 6;
$g_staffpwd_maxlen = 0; # unlimited
$g_staffpwd_genlen = 6;
$g_staffpwd_signs = 0;
$g_staffpwd_caps = 1;

The values affect both password generation and password checking.

The minimum length (minlen) is the minimum length, both for generating and checking. The maxlen is the maximum length a password can be for checking. The genlen is the length of the generated password. The signs are used for checking the presence of non-alphanumeric values in passwords. The caps is used for the generation and checking of capitals present in the password.

Two different perl modules are used for passwords:

  1. Generate Passwords (Crypt::GeneratePassword) - is used to generate passwords (typically via the meta library function.

  2. Check Passwords (Data::Password) - is used to check password quality when editing or storing password values.

Other Settings for Checking/ Generating passwords, that are found in scripts (and therefore are default behaviours) also include lang, minfreq, avgfreq, and the following:

  1. $DICTIONARY - Minimal length for dictionary words that are not allowed to appear in the password. Set to false to disable dictionary check.

  2. $FOLLOWING - Maximal length of characters in a row to allow if the same or following. If $FOLLOWING_KEYBOARD is true (default), the module will also check for alphabetical keys following, according to the English keyboard layout. Set $FOLLOWING to false to bypass this check.

  3. $GROUPS - Groups of characters are lowercase letters, uppercase letters, digits and the rest of the allowed characters. Set $GROUPS to the number of minimal character groups a password is required to have. Setting to false or to 1 will bypass the check.

  4. $MINLEN / $MAXLEN - Minimum and maximum length of a password. Both can be set to false.


next up previous contents
Next: IEP Data Overview Up: Open Administration for Schools Previous: Data Tables / Scripts

2010-07-27