Thoughts about password policies (discussion @ #tmwdev 2008-08-21)

Configure and enforce password policies between tmwserv and tmwweb:

Both modules, tmwserv and tmwweb should use the same policies to check end enforce passwords. Therefore its just natural to have a common place to configure those policies.

Suggestion: use the tmwserv xml config file and add a section for password policies.

Here is a list of policies that shoul be supported and configurable by the server admin:

• minimum and maximum length of a password
• minimum amount of capital letters
• minimum amount of lowercase letters
• minimum amount of special characters
• list with valid chars to prevent special chars like tab or simple predefine an ascii range of allowed chars
• blacklist with passwords