tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-09-25 18:59:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

add documantation for general and custom password policy

Browse Source
This commit is contained in:
Jolien Trog 2025-09-10 17:37:57 +02:00
parent 6d2a3ca6cf
commit bcf8430dd6
1 changed files with 89 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
doc/05-Authentication.md
View File

@ -158,6 +158,95 @@ resource = icingaweb-mysql
Please read [this chapter](20-Advanced-Topics.md#advanced-topics-authentication-tips-manual-user-database-auth) Please read [this chapter](20-Advanced-Topics.md#advanced-topics-authentication-tips-manual-user-database-auth)
in order to manually create users directly inside the database. in order to manually create users directly inside the database.
### Password Policy <a id="authentication-password-policy"></a>
Icinga Web 2 supports password policies when using database authentication.
You can configure this under **Configuration > Application > General**.
By default, no password policy is enforced ('None').
Icinga Web 2 provides a built-in policy called 'Common' with the following requirements:
* Minimum length of 12 characters
* At least one number
* At least one special character
* At least one uppercase letter
* At least one lowercase letter
#### Custom Password Policy <a id="authentication-custom-password-policy"></a>
You can create custom password policies by developing a module with a provided hook.
**Create Module Structure**
```bash
mkdir -p /usr/share/icingaweb2/modules/mypasswordpolicy/library/MyPasswordPolicy/ProvidedHook
cd /usr/share/icingaweb2/modules/mypasswordpolicy
```
Create `module.info`:
```ini
Name: My Password Policy
Version: 1.0.0
Description: Custom password policy implementation
Author: Your Name
```
**Implement the Hook**
Icinga Web 2 provides the `PasswordPolicyHook` interface with predefined methods
that simplify the implementation of custom password policies.
Create `library/MyPasswordPolicy/ProvidedHook/PasswordPolicy.php`:
```php
namespace Icinga\Module\MyPasswordPolicy\ProvidedHook;
use Icinga\Application\Hook\PasswordPolicyHook;
class PasswordPolicy implements PasswordPolicyHook
{
public function getName(): string
{
return 'My Custom Policy';
}
public function getDescription(): string
{
return 'Custom password requirements: 8+ chars, 1 number';
}
public function validatePassword(string $password): array
{
$violations = [];
if (strlen($password) < 8) {
$violations[] = 'Password must be at least 8 characters';
}
if (!preg_match('/[0-9]/', $password)) {
$violations[] = 'Password must contain at least one number';
}
return $violations;
}
}
```
**Register the Hook**
Create `run.php`:
```php
/** @var $this \Icinga\Application\Modules\Module */
$this->provideHook('passwordpolicy', 'PasswordPolicy');
```
Enable the module:
```bash
icingacli module enable mypasswordpolicy
```
You can choose in the settings the preferred password policy.
The custom policy will now appear in **Configuration > Application > General** under Password Policy.
## Groups <a id="authentication-configuration-groups"></a> ## Groups <a id="authentication-configuration-groups"></a>