Tuesday, 2 March 2010

How to make Archiva less paranoid about passwords

After just 3 login attempts a user's account is locked by Archiva, which is quite bad if a whole team and continuous integration servers uses the same account.

I think you should just add an exponentially growing timeout to when the user can log in (maybe per source ip) or at least make it configurable from the frontend. But anyways, for our internal/firewalled archiva this sort of thing is a bit of over kill.

I finally found out how to convince it to be more lenient.
Just add the following content:
security.policy.password.expiration.days=999999
security.policy.password.expiration.enabled=false
security.policy.allowed.login.attempt=300
security.policy.password.previous.count=1
security.policy.password.rule.reuse.enabled=false


to the equivalent file to your system:
glassfish_2.1/domains/archiva/lib/classes/org/apache/maven/archiva/security.properties


http://osdir.com/ml/users-archiva-apache/2009-02/msg00031.html

No comments:

Post a comment