Details
- Bug
- Resolution: Unresolved
- Minor
- xCM 6.0.0
- None
Description
How do you apply pwd policy constraints and rules for Jahia users which are shared among several virtual sites?
For example:
I have two sites on my demo server (TCK and demo). The TCK site does not enforce any pwd security rules. This is not the case for the demo site, which asks for a complex pwd security schema (public web site which could suffer from external attacks).
Now I create a "john" user on the TCK web site. Then I recreate a second John user on the Demo web site. Here I am notified that John already exists and asked if I want to "syndicate" it on the current site. But there is no check on syndication of whether the user complies with the pwd security rules.
So if we decide that "pwd security rules" prevail (usually security rules prevail over other topics), syndicating a user with a weaker pwd on another more "robust" virtual site would require a change of pwd for this user. Warning: be sure to notify the user afterwards. Or at least we should ask him to change his password himself the next time he logs in, through his mysettings panel (as this option also exists in the Pwd Security Rules).