Password Policy

Table of Contents

The Password Policy App

The Password Policy application

From the 2.0.0 release of the Password Policy app, ownCloud administrators (both enterprise and community edition) have the option of installing and enabling the application. The Password Policy application enables administrators to define password requirements for user passwords and public links.

Some of policy rules apply to both user passwords and public links, and some apply to just one or the other. The table below shows where each option can be used.

Setting User Passwords Public Links

Specify valid password requirements

*

*

Disallow usage of a number of previous passwords

*

Specify a password expiration period

*

Forced password change on first login

*

Disallowing passwords that match a configurable number of previous passwords (defaults to the previous 3).

*

Users can be notified a configurable number of days before their password expires

*

Users will be notified when their password has expired.

*

Specify expiration dates for public link shares

*

Specify the number of days until link expires if a password is set

*

Specify the number of days until link expires if a password is not set

*

Here is an example of what an administrator will see:

The ownCloud Password Policy app.

Active user sessions will not end when passwords expire. However, a password change will be forced when the user session expires (e.g., on logout). OAuth2 tokens for app or client authentication, and App passwords are not affected.
Installing and enabling the application also extends the occ command to support password policy management.
After enabling the "days until user password expires" policy setting in the web UI, administrators need to run the occ user:expire-password command to set an initial password change date for all existing users.