Components
- Code
- Documentation
- Miscellaneous
- User interface
Documentation
Licence
http://www.gnu.org/licenses/old-licenses/gpl-2.0.htmlpermet de forcer les restrictions sur les password des utilisateurs
Release
Covered by Drupal's security advisory policy
Release type : Bug fixes
Covered by Drupal's security advisory policy
Release type : Bug fixes Release type : New features
Description
This module supports enforcing restrictions on user passwords by defining password policies.
Overview
A password policy can be defined with a set of constraints which must be met before a user password change will be accepted. Each constraint has a parameter allowing for the minimum number of valid conditions which must be met before the constraint is satisfied.
Example: an uppercase constraint (with a parameter of 2) and a digit constraint (with a parameter of 4) means that a user password must have at least 2 uppercase letters and at least 4 digits for it to be accepted.
4.0.x branch
The 4.0.x branch has Drupal 10 support along with some bug fixes. The Drupal 8 branch (8.x-3.x) is no longer supported. While the 8.x-3.x branch could have been made compatible with Drupal 10, we decided to bump the major version in order to adopt semantic versioning. Normally, a major bump only happens with major code changes or rearchitecture work, but we decided to adopt semver for simplicity going forward.
Features
The main features of the Password Policy module are password constraints and expiration.
Password Constraints
Current constraints include:
- Character types
- Delay
- Digit
- Digit placement
- History*
- Length
- Letter
- Letter/Digit (Alphanumeric)
- Punctuation
- Uppercase/Lowercase
- Username
* checks hashed password against a collection of user's previous hashed passwords looking for recent duplicates
Password Expiration and Reset
The module implements a password expiration feature where the user is forced to change their password when their old password expires. This is set on the user's account edit form.
Administrators also have a bulk password reset feature where the admin selects roles to force a password reset for users with those roles. When someone with that role logins in, they are requested to change their password.
Other Releases
7.x-2.x is a major rewrite to include several of the features most lacking from 7.x-1.x: natively exportable configurations, cleaner administrator UI, and easier implementation of your own policies in other modules. Features requests should be made against the 7.x-2.x branch instead of 7.x-1.x. Note: #2027019: Upgrade from 7.x-1.x to 7.x-2.x not possible
Given the Drupal 7 EOL in early 2025, there may not be additional work on this branch.
Limitations
Password policies only apply to passwords set via user forms in the web interface. Passwords changed by other means (Drush, web services, etc.) may not be subject to password policy constraints. Please see the following issue if you would like to contribute to removing this limitation: #2451159: Password policy doesn't work when updating the user
Complementary Modules
Toutes les informations proviennent du site drupal.org