Giter VIP home page Giter VIP logo

Comments (4)

simonai1254 avatar simonai1254 commented on May 24, 2024

Hi

In the Appconfig you have the possibility to define a user that should be used to execute the password changing operations. But in my installation I have it running without defining that user, and it works as well. As on the system I have no privileged user I assume the password is changed in the context of the user changing the password.

Hope this helps and best regards
Simon

from passcore.

gordonfpanam avatar gordonfpanam commented on May 24, 2024

I have it running without defining that user, and it works as well.

I'll have to check again then, as the security logs on my test domain's DC is only showing a successful sign-in of a test user from the PC running Passcore, but not a subsequent password change attempt.

Would you be comfortable sharing your configuration here, omitting / censoring your domain-specifics or anything else you consider sensitive? Please let me know.

from passcore.

simonai1254 avatar simonai1254 commented on May 24, 2024

Hi

My configuration is the default settings with following parameters changed:

{
  [ omitted ]
  "AppSettings": {
    // The following options for AD Provider (remove if you don't use this Provider)
    "UseAutomaticContext": true, // Set true to allow PassCore to reset password using the same credentials, or false if you will fill the credentials below
    "RestrictedADGroups": [
      "Administrators",
      "Domain Admins",
      "Enterprise Admins"
    ], // Set the AD groups to restrict the use of PassCore
    "AllowedADGroups": [], // Set the AD Groups to allow PassCore, if the array is empty all the groups no-restricted above are allowed
    "IdTypeForUser": "UPN", // Possible values are "DN", "GUID", "Name", "SAM", "SID" and "UPN" (Default UPN)
    "UpdateLastPassword": true, // Set true to allow PassCore to  update the last password timestamp
    // The following options are for LDAP Provider (remove if you don't use this Provider)
    "LdapSearchBase": "dc=domain,dc=tld",
    "LdapSecureSocketLayer": true, // Default for AD is true when using LDAPS 636
    "LdapStartTls": false, // Default for AD is true when using LDAP 389
    "LdapChangePasswordWithDelAdd": true,
    "LdapSearchFilter": "(sAMAccountName={Username})", // Another value: "(&(objectClass=person)(cn={Username}))"
    // General options (valid for both providers)
    "LdapHostnames": [ 
	"dc1.domain.tld", 
	"dc2.domain.tld" 
    ], // Set your hostname(s)
    "LdapPort": 636, // Default for AD is 389, for LDAPS 636
    "LdapUsername": "", // Set the username or distinguish name (DN) to bind the LDAP server
    "LdapPassword": "", // Set the password for the username
    "DefaultDomain": "domain.tld" // Set your default AD domain here, or non "@" logins will not work! Use empty value to allow user to set the domain. This option is ONLY available with UPN.
  },
  "ClientSettings": {
    "ValidationRegex": {
      "EmailRegex": "^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*$",
      "UsernameRegex": "^[a-zA-Z0-9._-]{3,20}$"
    },
    "UsePasswordGeneration": false, //Set true to let PassCore create a new password for the current account. If true the user can not customize its new password.
    "MinimumDistance": 2, //The minimum distance beetween the old and the new password, this is used to enforce the edit distance using the levenshtein distance algorithm.
    "PasswordEntropy": 8, // the number of bytes of entropy to use for generated passwords
    "ShowPasswordMeter": true,
    "MinimumScore": 1, //The minimum acceptable score that the user's new password needs to get at being evaluated by ZXCVBN to be established as the new password.
    [ omitted ]
  }
}

Please note that right now I'm running on v4.2.3 as I am in an environment where the passcore server has no internet access and I can't use the Have I been Pwned API, which bricks Passcore for the moment (see #605)

Hope this helps

from passcore.

stale avatar stale commented on May 24, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

from passcore.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.