Керівництво:$wgPasswordPolicy
Appearance
Outdated translations are marked like this.
User accounts, authentication: $wgPasswordPolicy | |
---|---|
Визначає різні налаштування, пов'язані з силою та безпекою паролю. |
|
Додано у версії: | 1.26.0 (Gerrit change 206156; git #1a20dc) |
Видалено у версії: | Still in use |
Allowed values: | див. нижче |
Default value: | див. нижче |
Other settings: Alphabetical | By function |
Деталі
Політика паролю має вигляд
$wgPasswordPolicy = [
'policies' => [
'group1' => [
'check1' => 'value1',
// ...
],
// ...
],
'checks' => [
'check1' => 'callable1',
// ...
],
];
group1
та ін. — групи користувачів, а також спеціальна групаdefault
, яка повинна бути в наявності та застосовуватися до кожного.
check1
та ін. — довільні перевірені імена, визначені в підмасивіchecks
.value1
тощо – це значення політики, які передаються у відповідний зворотний виклик, визначений у підмасивіchecks
. Якщо та сама перевірка застосовується до користувача через кілька груп, вона буде застосована зmax()
значень.- Alternatively,
value1
could be an array with the fieldsvalue
(same as above),suggestChangeOnLogin
(when set to true, users will be shown a password change form during login if the check fails) andforceChange
(likesuggestChangeOnLogin
but the form cannot be skipped).
- Alternatively,
callable1
тощо є PHP callables, які отримують три аргументи: визначене значення, об'єкт User і пароль, а також повертають StatusValue. A fatal status means the password can't be used, even for login; a non-fatal error means the value is not accepted as a new password (on account creation or password change), but can be used for login; the user will be shown a (skippable) password change form.- Перевірки за замовчуванням (знайдені у
includes/password/PasswordPolicyChecks.php
):MinimalPasswordLength
— Мінімальну довжину користувача можна встановитиMinimumPasswordLengthToLogin
— Паролі, коротші за цей, не дозволятимуться для входу, незалежно від їх коректності.MaximalPasswordLength
— Максимальну довжину паролю користувачеві дозволено спробувати. Запобігає DoS-атакам з pbkdf2.PasswordCannotMatchUsername
— Паролі не можуть збігатися з іменем користувачаPasswordCannotBeSubstringInUsername
— Your password must not appear within your username.PasswordCannotMatchBlacklist
— Додає в чорний список деякі паролі, які раніше використовувалися модульними тестами MediaWiki.PasswordCannotBePopular
— Паролі з чорного списку, які, як відомо, широко обираються. Встановіть n у ціле число для блокування n перших паролів. Якщо ви хочете заблокувати всі поширені паролі на файли, використайте константуPHP_INT_MAX
. See also $wgPopularPasswordFile (the default file comes with MediaWiki and has 10K passwords).
Примітка: (removed in 1.35) UsePasswordNotInCommonList
instead.PasswordNotInLargeBlacklist
— Same as the previous one, except uses the larger blacklist that comes with the wikimedia/password-blacklist library.
Примітка: (deprecated in 1.35) UsePasswordNotInCommonList
instead.PasswordNotInCommonList
— Password not in best practices list of 100 000 commonly used passwords.
Приклади
Цей приклад показує, як змінити вибрані політики для всіх користувачів:
$wgPasswordPolicy['policies']['default']['MinimalPasswordLength'] = 10;
$wgPasswordPolicy['policies']['default']['MaximalPasswordLength'] = 128;
$wgPasswordPolicy['policies']['default']['PasswordCannotMatchUsername']['value'] = false;
Цей приклад показує, як змінити вибрані політики для користувачів групи «sysop»:
$wgPasswordPolicy['policies']['sysop']['MinimumPasswordLengthToLogin'] = 10;
$wgPasswordPolicy['policies']['sysop']['MinimalPasswordLength'] = 20;
Disabling all password policies
For development machines, it might be helpful to disable all password policies, which can be done with the following line:
$wgPasswordPolicy = [ 'policies' => [ 'default' => [] ], 'checks' => [] ];
За замовчуванням
Версія MediaWiki: | ≥ 1.43 |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'sysop' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'interface-admin' => [ // 1.32+
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'bot' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'default' => [
'MinimalPasswordLength' => [ 'value' => 8, 'suggestChangeOnLogin' => true ], // 1.40+
'PasswordCannotBeSubstringInUsername' => [ // 1.35+
'value' => true,
'suggestChangeOnLogin' => true
],
'PasswordCannotMatchDefaults' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordNotInCommonList' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
],
],
'checks' => [
'MinimalPasswordLength' => [ PasswordPolicyChecks::class, 'checkMinimalPasswordLength' ],
'MinimumPasswordLengthToLogin' => [ PasswordPolicyChecks::class, 'checkMinimumPasswordLengthToLogin' ],
'PasswordCannotBeSubstringInUsername' => [ PasswordPolicyChecks::class, 'checkPasswordCannotBeSubstringInUsername' ],
'PasswordCannotMatchDefaults' => [ PasswordPolicyChecks::class, 'checkPasswordCannotMatchDefaults' ],
'MaximalPasswordLength' => [ PasswordPolicyChecks::class, 'checkMaximalPasswordLength' ],
'PasswordNotInCommonList' => [ PasswordPolicyChecks::class, 'checkPasswordNotInCommonList' ],
],
];
Версії MediaWiki: | 1.40 – 1.42 |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'sysop' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'interface-admin' => [ // 1.32+
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'bot' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'default' => [
'MinimalPasswordLength' => [ 'value' => 8, 'suggestChangeOnLogin' => true ], // 1.40+
'PasswordCannotBeSubstringInUsername' => [ // 1.35+
'value' => true,
'suggestChangeOnLogin' => true
],
'PasswordCannotMatchDefaults' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordNotInCommonList' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotBeSubstringInUsername' =>
'PasswordPolicyChecks::checkPasswordCannotBeSubstringInUsername', // 1.35+
'PasswordCannotMatchDefaults' => 'PasswordPolicyChecks::checkPasswordCannotMatchDefaults', // 1.35+
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordNotInCommonList' => 'PasswordPolicyChecks::checkPasswordNotInCommonList', // 1.35+
],
];
Версія MediaWiki: | ≥ 1.37 |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'sysop' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'interface-admin' => [ // 1.32+
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'bot' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'default' => [
'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotBeSubstringInUsername' => [ // 1.35+
'value' => true,
'suggestChangeOnLogin' => true
],
'PasswordCannotMatchDefaults' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordNotInCommonList' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotBeSubstringInUsername' =>
'PasswordPolicyChecks::checkPasswordCannotBeSubstringInUsername', // 1.35+
'PasswordCannotMatchDefaults' => 'PasswordPolicyChecks::checkPasswordCannotMatchDefaults', // 1.35+
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordNotInCommonList' => 'PasswordPolicyChecks::checkPasswordNotInCommonList', // 1.35+
],
];
Версія MediaWiki: | ≥ 1.36 |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'sysop' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'interface-admin' => [ // 1.32+
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'bot' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'default' => [
'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotBeSubstringInUsername' => [ // 1.35+
'value' => true,
'suggestChangeOnLogin' => true
],
'PasswordCannotMatchDefaults' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordNotInCommonList' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotBeSubstringInUsername' =>
'PasswordPolicyChecks::checkPasswordCannotBeSubstringInUsername', // 1.35+
'PasswordCannotMatchDefaults' => 'PasswordPolicyChecks::checkPasswordCannotMatchDefaults', // 1.35+
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordNotInCommonList' => 'PasswordPolicyChecks::checkPasswordNotInCommonList', // 1.35+
],
];
Версія MediaWiki: | 1.35 |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'sysop' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'interface-admin' => [ // 1.32+
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'bot' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'default' => [
'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotBeSubstringInUsername' => [ // 1.35+
'value' => true,
'suggestChangeOnLogin' => true
],
'PasswordCannotMatchDefaults' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordNotInCommonList' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotBeSubstringInUsername' =>
'PasswordPolicyChecks::checkPasswordCannotBeSubstringInUsername', // 1.35+
'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchDefaults', // 1.35
'PasswordCannotMatchDefaults' => 'PasswordPolicyChecks::checkPasswordCannotMatchDefaults', // 1.35+
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordNotInLargeBlacklist' => 'PasswordPolicyChecks::checkPasswordNotInCommonList', // 1.35
'PasswordNotInCommonList' => 'PasswordPolicyChecks::checkPasswordNotInCommonList', // 1.35+
],
];
Версія MediaWiki: | 1.34 |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'sysop' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'interface-admin' => [ // 1.32+
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'bot' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'default' => [
'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotMatchBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.33+
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordNotInLargeBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.34+
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordCannotBePopular' => 'PasswordPolicyChecks::checkPopularPasswordBlacklist', // 1.27+
'PasswordNotInLargeBlacklist' => 'PasswordPolicyChecks::checkPasswordNotInLargeBlacklist', // 1.33+
],
];
Версія MediaWiki: | 1.33 |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
'PasswordNotInLargeBlacklist' => true, // 1.33
],
'sysop' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
'PasswordNotInLargeBlacklist' => true, // 1.33
],
'interface-admin' => [ // 1.32+
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
'PasswordNotInLargeBlacklist' => true, // 1.33
],
'bot' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
'PasswordNotInLargeBlacklist' => true, // 1.33
],
'default' => [
'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotMatchBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.33+
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ], // 1.33+
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordCannotBePopular' => 'PasswordPolicyChecks::checkPopularPasswordBlacklist', // 1.27+
'PasswordNotInLargeBlacklist' => 'PasswordPolicyChecks::checkPasswordNotInLargeBlacklist', // 1.33+
],
];
Версія MediaWiki: | 1.32 |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotBePopular' => 25, // 1.27+
],
'sysop' => [
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotBePopular' => 25, // 1.27+
],
'interface-admin' => [ // 1.32+
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotBePopular' => 25,
],
'bot' => [
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
],
'default' => [
'MinimalPasswordLength' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotMatchBlacklist' => true,
'MaximalPasswordLength' => 4096,
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordCannotBePopular' => 'PasswordPolicyChecks::checkPopularPasswordBlacklist' // 1.27+
],
];
Версії MediaWiki: | 1.27 – 1.31 |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotBePopular' => 25, // 1.27+
],
'sysop' => [
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotBePopular' => 25, // 1.27+
],
'bot' => [
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
],
'default' => [
'MinimalPasswordLength' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotMatchBlacklist' => true,
'MaximalPasswordLength' => 4096,
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordCannotBePopular' => 'PasswordPolicyChecks::checkPopularPasswordBlacklist' // 1.27+
],
];
Версія MediaWiki: | 1.26 |
$wgPasswordPolicy = array(
'policies' => array(
'bureaucrat' => array(
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
),
'sysop' => array(
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
),
'bot' => array(
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
),
'default' => array(
'MinimalPasswordLength' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotMatchBlacklist' => true,
'MaximalPasswordLength' => 4096,
),
),
'checks' => array(
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
),
);