modules/password_policy/README.txt

// $Id$

Password policy
==========================================
This module provides a way to specify a certain level of password
complexity (aka. "password hardening") for user passwords on a
system by defining a password policy.

A password policy can be defined with a set of constraints which
must be met before a user password change will be accepted. Each
constraint has a parameter allowing for the minimum number of valid
conditions which must be met before the constraint is satisfied.

Example: an uppercase constraint (with a parameter of 2) and a
digit constraint (with a parameter of 4) means that a user password
must have at least 2 uppercase letters and at least 4 digits for it
to be accepted.

Current constraints include:

  * Digit constraint
  * Letter constraint
  * Letter/Digit constraint (Alphanumeric)
  * Length constraint
  * Uppercase constraint
  * Lowercase constraint
  * Punctuation constraint
  * Character types constraint (allows the adminstrator to set the minimum
    number of character types required, but without actually dictating which
    ones must be used.  Example - Windows requires any 3 (user's choice) of
    uppercase, lowercase, numbers, or punctuation.
  * History constraint (checks hashed password against a
    collection of users previous hashed passwords looking for
    recent duplicates)
  * Username constraint

The module also implements configurable password expiration features:

  * When a password is not changed for a certain amount of time the user is blocked.
  * Expiration of the passwords can begin after expiration time after enabling of the
    policy or immediately all users with a passwords older then expiration time will
    be blocked (retroactive behavior).
  * The notifications (warnings) are mailed to the users several times (configurable)
    before the password expires. Drupal message is shown on login before the expiration
    and the user is forwarded to a password change page.
  * Warning e-mail message's subject and body are configurable.
  * When the password expires the user can be immediately blocked, or he can be let to
    login to the site once to change his password. If he does not change the password
    on that login, he won't be able to login again (will be bocked).


Requirements
==========================================
This version of the module is written and tested with a Drupal 6

Credits
==========================================
Drupal 4.7 version was written by David Ayre <drupal at ayre dot ca>
Refactored and maintained by Miglius Alaburda <miglius at gmail dot com>
Sponsored by Bryght, SPAWAR, McDean

1	// $Id$
2
3	Password policy
4	==========================================
5	This module provides a way to specify a certain level of password
6	complexity (aka. "password hardening") for user passwords on a
7	system by defining a password policy.
8
9	A password policy can be defined with a set of constraints which
10	must be met before a user password change will be accepted. Each
11	constraint has a parameter allowing for the minimum number of valid
12	conditions which must be met before the constraint is satisfied.
13
14	Example: an uppercase constraint (with a parameter of 2) and a
15	digit constraint (with a parameter of 4) means that a user password
16	must have at least 2 uppercase letters and at least 4 digits for it
17	to be accepted.
18
19	Current constraints include:
20
21	* Digit constraint
22	* Letter constraint
23	* Letter/Digit constraint (Alphanumeric)
24	* Length constraint
25	* Uppercase constraint
26	* Lowercase constraint
27	* Punctuation constraint
28	* Character types constraint (allows the adminstrator to set the minimum
29	number of character types required, but without actually dictating which
30	ones must be used. Example - Windows requires any 3 (user's choice) of
31	uppercase, lowercase, numbers, or punctuation.
32	* History constraint (checks hashed password against a
33	collection of users previous hashed passwords looking for
34	recent duplicates)
35	* Username constraint
36
37	The module also implements configurable password expiration features:
38
39	* When a password is not changed for a certain amount of time the user is blocked.
40	* Expiration of the passwords can begin after expiration time after enabling of the
41	policy or immediately all users with a passwords older then expiration time will
42	be blocked (retroactive behavior).
43	* The notifications (warnings) are mailed to the users several times (configurable)
44	before the password expires. Drupal message is shown on login before the expiration
45	and the user is forwarded to a password change page.
46	* Warning e-mail message's subject and body are configurable.
47	* When the password expires the user can be immediately blocked, or he can be let to
48	login to the site once to change his password. If he does not change the password
49	on that login, he won't be able to login again (will be bocked).
50
51
52	Requirements
53	==========================================
54	This version of the module is written and tested with a Drupal 6
55
56	Credits
57	==========================================
58	Drupal 4.7 version was written by David Ayre <drupal at ayre dot ca>
59	Refactored and maintained by Miglius Alaburda <miglius at gmail dot com>
60	Sponsored by Bryght, SPAWAR, McDean
61