Liferay now implements enterprise password policies and user account lockout. Password policies can either be managed internally (from the Enterprise Admin Portlet), or it can be delegated to LDAP (from Enterprise Admin Portlet -> Authentication -> LDAP -> User LDAP Password Policy).

Password Policy Settings #

Changeable Settings #

• Changeable: Allow user to change his own password
• Change Required: Require the user to change his password (?)
• Minimum Age: This determines how long a user must wait before changing their password again

Syntax Checking #

• Syntax Checking Enabled: Enable portal to check for certain words and length requirements
• Allow Dictionary Words: Allow a dictionary word to be used as the password
• Minimum Length: The minimum length of a password

Password History #

• History Enabled: Enable tracking of password history, to prevent reuse of old passwords
• History Count: The number of passwords to keep in the history

Password Expiration #

• Expiration Enabled: Enable passwords to expire after a specified time
• Maximum Age: The maximum time that a password is valid, before it needs to be changed again
• Warning Time: The time before a password expires, in which to warn the user of the upcoming password expiration
• Grace Limit: The number of logins allowed after the password has already expired

User Account Lockout #

• Lockout Enabled: Enable user accounts to get locked out after a specified number of failed logins
• Maximum Failure: The maximum number of failed login attempts before the account is locked out
• Reset Failure Count: The time before the "failed login count" is reset
• Lockout Duration: The time that a user is locked out, preventing them from logging in

Screenshots #

Password Policy (Default) #

Password Policy (Using all policies) #