Manual:$wgPasswordPolicy

From MediaWiki.org

Users: $wgPasswordPolicy
Specifies various settings related to password strength and security.
Introduced in version: 1.26.0 (Gerrit change 206156; git #1a20dc)
Removed in version: still in use
Allowed values: see below
Default value: see below

Details

A password policy is of the form

$wgPasswordPolicy = array(
    'policies' => array(
        'group1' => array(
            'check1' => 'value1',
            // ...
        ),
        // ...
    ),
    'checks' => array(
        'check1' => 'callback1',
        // ...
    ),
);
  • group1 etc. are user groups, plus the special group default, which is required to be present and applies to everyone.
  • check1 etc. are arbitrary check names, defined in the checks subarray. If the same check applies to a user via multiple groups, it will be applied with the max() of the values.
  • callback1 etc. are PHP callables, which receive three arguments: the defined value, the User object (see Manual:User.php) and the password.
  • Default checks (found in includes/password/PasswordPolicyChecks.php):
    • MinimalPasswordLength - Minimum length of a password a user can set.
    • MinimumPasswordLengthToLogin - Passwords shorter than this will not be allowed to log in, regardless of whether the password is correct.
    • MaximalPasswordLength - Maximum length of a password a user is allowed to attempt. Prevents DoS attacks with pbkdf2.
    • PasswordCannotMatchUsername - Password cannot match the username.
    • PasswordCannotMatchBlacklist - Username/password combination cannot match a specific, hardcoded blacklist.

Default

$wgPasswordPolicy = [
        'policies' => [
                'bureaucrat' => [
                        'MinimalPasswordLength' => 8,
                        'MinimumPasswordLengthToLogin' => 1,
                        'PasswordCannotMatchUsername' => true,
                        'PasswordCannotBePopular' => 25,
                ],
                'sysop' => [
                        'MinimalPasswordLength' => 8,
                        'MinimumPasswordLengthToLogin' => 1,
                        'PasswordCannotMatchUsername' => true,
                        'PasswordCannotBePopular' => 25,
                ],
                'bot' => [
                        'MinimalPasswordLength' => 8,
                        'MinimumPasswordLengthToLogin' => 1,
                        'PasswordCannotMatchUsername' => true,
                ],
                'default' => [
                        'MinimalPasswordLength' => 1,
                        'PasswordCannotMatchUsername' => true,
                        'PasswordCannotMatchBlacklist' => true,
                        'MaximalPasswordLength' => 4096,
                ],
        ],
        'checks' => [
                'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
                'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
                'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
                'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
                'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
                'PasswordCannotBePopular' => 'PasswordPolicyChecks::checkPopularPasswordBlacklist'
        ],
];
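
The max() merge rule from the Details section, applied to the default policies above, as an added example that is not MediaWiki's own code. The helper effectivePolicy() and the override values are hypothetical; the script shows that a group entry can tighten a check but cannot relax it below what default (or another of the user's groups) requires.

```php
<?php
// Added illustration, not MediaWiki code: effectivePolicy() is a hypothetical
// helper that applies the max() merge rule described in the Details section.

// 'policies' subarray as listed in the defaults on this page.
$policies = [
    'bureaucrat' => [ 'MinimalPasswordLength' => 8, 'MinimumPasswordLengthToLogin' => 1,
        'PasswordCannotMatchUsername' => true, 'PasswordCannotBePopular' => 25 ],
    'sysop' => [ 'MinimalPasswordLength' => 8, 'MinimumPasswordLengthToLogin' => 1,
        'PasswordCannotMatchUsername' => true, 'PasswordCannotBePopular' => 25 ],
    'bot' => [ 'MinimalPasswordLength' => 8, 'MinimumPasswordLengthToLogin' => 1,
        'PasswordCannotMatchUsername' => true ],
    'default' => [ 'MinimalPasswordLength' => 1, 'PasswordCannotMatchUsername' => true,
        'PasswordCannotMatchBlacklist' => true, 'MaximalPasswordLength' => 4096 ],
];

// Site overrides (constructed values). In LocalSettings.php these would be
// written as $wgPasswordPolicy['policies'][...][...] = ...;
$policies['default']['MinimalPasswordLength'] = 10;
$policies['sysop']['MinimalPasswordLength'] = 14;
// Raising this stops sysops whose current password is shorter than 8 from logging in.
$policies['sysop']['MinimumPasswordLengthToLogin'] = 8;

/**
 * Combine 'default' with every group the user belongs to, taking the max()
 * of the values whenever the same check appears more than once.
 */
function effectivePolicy( array $policies, array $userGroups ): array {
    $effective = $policies['default']; // 'default' applies to everyone
    foreach ( $userGroups as $group ) {
        foreach ( $policies[$group] ?? [] as $check => $value ) {
            $effective[$check] = isset( $effective[$check] )
                ? max( $effective[$check], $value )
                : $value;
        }
    }
    ksort( $effective );
    return $effective;
}

// Print the merged policy for a plain user, a bot, and a sysop who is also a bot.
foreach ( [ [], [ 'bot' ], [ 'sysop', 'bot' ] ] as $groups ) {
    echo ( $groups ? implode( '+', $groups ) : '(no groups)' ), ': ',
        json_encode( effectivePolicy( $policies, $groups ) ), "\n";
}
```

The bot line is the one to check: its own MinimalPasswordLength of 8 is overridden by the raised default of 10, so leaving a group entry lower than default has no effect.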


See also