Manual:$wgPasswordPolicy
| Users: $wgPasswordPolicy | |
|---|---|
| Specifies various settings related to password strength and security. | |
| Introduced in version: | 1.26.0 (Gerrit change 206156; git #1a20dc) |
| Removed in version: | still in use |
| Allowed values: | see below |
| Default value: | see below |
Details
A password policy is of the form
$wgPasswordPolicy = array(
    'policies' => array(
        'group1' => array(
            'check1' => 'value1',
            // ...
        ),
        // ...
    ),
    'checks' => array(
        'check1' => 'callable1',
        // ...
    ),
);
group1 etc. are user groups, plus the special group "default", which is required to be present and applies to everyone. check1 etc. are arbitrary check names, defined in the checks subarray. If the same check applies to a user via multiple groups, it will be applied with the max() of the values. callable1 etc. are PHP callables, which receive three arguments: the defined value, the User object and the password.

Default checks (found in includes/password/PasswordPolicyChecks.php):
- MinimalPasswordLength - Minimum length a user can set.
- MinimumPasswordLengthToLogin - Passwords shorter than this will not be allowed to log in, regardless of whether they are correct.
- MaximalPasswordLength - Maximum length of password a user is allowed to attempt. Prevents DoS attacks with PBKDF2.
- PasswordCannotMatchUsername - Password cannot match the username.
- PasswordCannotMatchBlacklist - Username/password combination cannot match a specific, hardcoded blacklist.
- PasswordCannotBePopular - Blacklists passwords which are known to be commonly chosen. Set to an integer n to ban the top n passwords. If you want to ban all common passwords on file, use the PHP_INT_MAX constant.
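The max() rule described above means a group entry can raise a check's value for its members but cannot lower what "default" already requires. The following stand-alone sketch is an added example, not MediaWiki's own code; the function name effectivePolicy and the override values marked "constructed" are assumptions made for illustration.

```php
<?php
// Added illustration of the merge rule; not MediaWiki's implementation.

/**
 * Effective check values for a user in $groups. "default" always applies;
 * a check set by several groups resolves to the max() of the values.
 */
function effectivePolicy( array $policies, array $groups ): array {
    if ( !isset( $policies['default'] ) ) {
        throw new InvalidArgumentException( 'The "default" group is required' );
    }
    $effective = [];
    foreach ( array_unique( array_merge( [ 'default' ], $groups ) ) as $group ) {
        foreach ( $policies[$group] ?? [] as $check => $value ) {
            $effective[$check] = array_key_exists( $check, $effective )
                ? max( $effective[$check], $value )
                : $value;
        }
    }
    ksort( $effective );
    return $effective;
}

// Policies from the Default section (subset), plus constructed local overrides.
$policies = [
    'sysop' => [
        'MinimalPasswordLength' => 8,
        'MinimumPasswordLengthToLogin' => 1,
        'PasswordCannotMatchUsername' => true,
        'PasswordCannotBePopular' => 25,
    ],
    'default' => [
        'MinimalPasswordLength' => 1,
        'PasswordCannotMatchUsername' => true,
        'PasswordCannotMatchBlacklist' => true,
        'MaximalPasswordLength' => 4096,
    ],
];
$policies['default']['MinimalPasswordLength'] = 10; // constructed: site-wide minimum
$policies['sysop']['MinimalPasswordLength'] = 6;    // constructed: below default, so max() keeps 10
$policies['sysop']['MaximalPasswordLength'] = 128;  // constructed: below default, so 4096 still applies

foreach ( [ [], [ 'sysop' ] ] as $groups ) {
    echo 'groups: default ', implode( ' ', $groups ), "\n";
    foreach ( effectivePolicy( $policies, $groups ) as $check => $value ) {
        echo "  $check = ", var_export( $value, true ), "\n";
    }
}
```

Under this rule an upper bound such as MaximalPasswordLength is only tightened by changing it in the "default" group, since a smaller per-group value loses to the larger default.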
Examples
This example shows how to change selected policies for all users:
$wgPasswordPolicy['policies']['default']['MinimalPasswordLength'] = 10;
$wgPasswordPolicy['policies']['default']['MaximalPasswordLength'] = 128;
$wgPasswordPolicy['policies']['default']['PasswordCannotBePopular'] = 100;
$wgPasswordPolicy['policies']['default']['PasswordCannotMatchUsername'] = true;
This example shows how to change selected policies for users of the "sysop" group:
$wgPasswordPolicy['policies']['sysop']['MinimumPasswordLengthToLogin'] = 10;
$wgPasswordPolicy['policies']['sysop']['MinimalPasswordLength'] = 20;
Default
$wgPasswordPolicy = [
    'policies' => [
        'bureaucrat' => [
            'MinimalPasswordLength' => 8,
            'MinimumPasswordLengthToLogin' => 1,
            'PasswordCannotMatchUsername' => true,
            'PasswordCannotBePopular' => 25,
        ],
        'sysop' => [
            'MinimalPasswordLength' => 8,
            'MinimumPasswordLengthToLogin' => 1,
            'PasswordCannotMatchUsername' => true,
            'PasswordCannotBePopular' => 25,
        ],
        'bot' => [
            'MinimalPasswordLength' => 8,
            'MinimumPasswordLengthToLogin' => 1,
            'PasswordCannotMatchUsername' => true,
        ],
        'default' => [
            'MinimalPasswordLength' => 1,
            'PasswordCannotMatchUsername' => true,
            'PasswordCannotMatchBlacklist' => true,
            'MaximalPasswordLength' => 4096,
        ],
    ],
    'checks' => [
        'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
        'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
        'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
        'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
        'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
        'PasswordCannotBePopular' => 'PasswordPolicyChecks::checkPopularPasswordBlacklist'
    ],
];