Description
Testing this locally on Crowd 227, I set the password history count to 1, then tried resetting my password through the interface and through 'Forgot Password' e-mail link, but was able to consistent use old passwords.
I also expired the password, forcing a password change, but that also let me continue to use old passwords.
Gone through logs and didn't see anything relavent, only this query that reflects the password history count=1.
2011-07-25 11:27:41,941 http-6095-8 DEBUG [crowd.dao.directory.DirectoryDAOHibernate] Loaded object: com.atlassian.crowd.model.directory.DirectoryImpl
@19f86c05[lowerName=crowd227,description=,type=INTERNAL,implementationClass=com.atlassian.crowd.directory.InternalDirectory,allowedOperations=[CREATE_
USER, UPDATE_USER_ATTRIBUTE, DELETE_USER, UPDATE_GROUP, DELETE_GROUP, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER, CREATE_GROUP],attributes={password_max_chan
ge_time=0, password_regex=, user_encryption_method=atlassian-security, password_history_count=1, useNestedGroups=false, password_max_attempts=0}]
Attachments
Issue Links
- causes
-
JRACLOUD-65749 Import fails if Password Policy is not set to weak
- Closed
- relates to
-
CWD-2692 Password history count warning is one less than configured history count
- Closed
- mentioned in
-
Page Loading...