Manual:$wgPasswordPolicy/zh
From Linux Web Expert
<translate> User accounts, authentication</translate>: $wgPasswordPolicy | |
---|---|
指定与密码强度和安全性相关的各种设置。 |
|
<translate> Introduced in version:</translate> | 1.26.0 (Gerrit change 206156; git #1a20dc) |
<translate> Removed in version:</translate> | <translate> still in use</translate> |
<translate> Allowed values:</translate> | 参见下方 |
<translate> Default value:</translate> | 参见下方 |
<translate> Other settings:</translate> <translate> Alphabetical</translate> | <translate> By function</translate> |
细节
密码策略按以下形式
$wgPasswordPolicy = [
'policies' => [
'group1' => [
'check1' => 'value1',
// ...
],
// ...
],
'checks' => [
'check1' => 'callable1',
// ...
],
];
group1
etc. are user groups, plus the special groupdefault
which is required to be present and applies to everyone.
check1
etc. are arbitrary check names, defined in thechecks
subarray.
value1
etc. are policy values, passed to the appropriate callback defined in thechecks
subarray.
If the same check applies to a user via multiple groups, it will be applied with the max()
of the values.
- Alternatively,
value1
could be an array with the fieldsvalue
(same as above),suggestChangeOnLogin
(when set to true, users will be shown a password change form during login if the check fails) andforceChange
(likesuggestChangeOnLogin
but the form cannot be skipped).
- Alternatively,
callable1
etc. are PHP callables, which receive three arguments: the defined value, the User object and the password, and return a StatusValue.
A fatal status means the password can't be used, even for login; a non-fatal error means the value is not accepted as a new password (on account creation or password change), but can be used for login; the user will be shown a (skippable) password change form.
- Default checks (found in
includes/password/PasswordPolicyChecks.php
):MinimalPasswordLength
— 使用者能夠設定的密碼最小長度MinimumPasswordLengthToLogin
— 密碼短於這個設定值將不允許登入,無論密碼是否正確。MaximalPasswordLength
— 使用者能夠嘗試的最長密碼。 Prevents DoS attacks with pbkdf2.PasswordCannotMatchUsername
— 密碼不可符合用戶名PasswordCannotBeSubstringInUsername
— Your password must not appear within your username.PasswordCannotMatchBlacklist
— 禁用先前已用於MediaWiki單元測試中的密碼。PasswordCannotBePopular
— 禁用廣為人知的常用密碼。 設定整數n來禁止前n個密碼。 如果你想要禁止檔案中所有常用密碼,使用常數PHP_INT_MAX
。 參見$wgPopularPasswordFile (MediaWiki中附帶的預設檔案,有1萬個密碼)。
File:OOjs UI icon lightbulb-yellow.svg <translate> Note:</translate> <translate> (removed in <tvar name=2>1.35</tvar>)</translate> UsePasswordNotInCommonList
instead.PasswordNotInLargeBlacklist
— Same as the previous one, except uses the larger blacklist that comes with the wikimedia/password-blacklist library.
File:OOjs UI icon lightbulb-yellow.svg <translate> Note:</translate> <translate> (deprecated in <tvar name=2>1.35</tvar>)</translate> UsePasswordNotInCommonList
instead.PasswordNotInCommonList
— Password not in best practices list of 100,000 commonly used passwords.
示例
This example shows how to change selected policies for all users:
$wgPasswordPolicy['policies']['default']['MinimalPasswordLength'] = 10;
$wgPasswordPolicy['policies']['default']['MaximalPasswordLength'] = 128;
$wgPasswordPolicy['policies']['default']['PasswordCannotMatchUsername']['value'] = false;
This example shows how to change selected policies for users of the "sysop" group:
$wgPasswordPolicy['policies']['sysop']['MinimumPasswordLengthToLogin'] = 10;
$wgPasswordPolicy['policies']['sysop']['MinimalPasswordLength'] = 20;
Disabling all password policies
For development machines, it might be helpful to disable all password policies, which can be done with the following line:
$wgPasswordPolicy = [ 'policies' => [ 'default' => [] ], 'checks' => [] ];
默认
<td class="mw-version-versionbox" title="<translate nowrap> The latest stable version is <tvar name=1>1.41</tvar></translate>"><translate> ≥</translate> 1.40
<translate> MediaWiki version:</translate> |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'sysop' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'interface-admin' => [ // 1.32+
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'bot' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'default' => [
'MinimalPasswordLength' => [ 'value' => 8, 'suggestChangeOnLogin' => true ], // 1.40+
'PasswordCannotBeSubstringInUsername' => [ // 1.35+
'value' => true,
'suggestChangeOnLogin' => true
],
'PasswordCannotMatchDefaults' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordNotInCommonList' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotBeSubstringInUsername' =>
'PasswordPolicyChecks::checkPasswordCannotBeSubstringInUsername', // 1.35+
'PasswordCannotMatchDefaults' => 'PasswordPolicyChecks::checkPasswordCannotMatchDefaults', // 1.35+
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordNotInCommonList' => 'PasswordPolicyChecks::checkPasswordNotInCommonList', // 1.35+
],
];
<translate> ≥</translate> 1.37
<translate> MediaWiki version:</translate> |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'sysop' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'interface-admin' => [ // 1.32+
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'bot' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'default' => [
'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotBeSubstringInUsername' => [ // 1.35+
'value' => true,
'suggestChangeOnLogin' => true
],
'PasswordCannotMatchDefaults' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordNotInCommonList' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotBeSubstringInUsername' =>
'PasswordPolicyChecks::checkPasswordCannotBeSubstringInUsername', // 1.35+
'PasswordCannotMatchDefaults' => 'PasswordPolicyChecks::checkPasswordCannotMatchDefaults', // 1.35+
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordNotInCommonList' => 'PasswordPolicyChecks::checkPasswordNotInCommonList', // 1.35+
],
];
<translate> ≥</translate> 1.36
<translate> MediaWiki version:</translate> |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'sysop' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'interface-admin' => [ // 1.32+
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'bot' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'default' => [
'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotBeSubstringInUsername' => [ // 1.35+
'value' => true,
'suggestChangeOnLogin' => true
],
'PasswordCannotMatchDefaults' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordNotInCommonList' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotBeSubstringInUsername' =>
'PasswordPolicyChecks::checkPasswordCannotBeSubstringInUsername', // 1.35+
'PasswordCannotMatchDefaults' => 'PasswordPolicyChecks::checkPasswordCannotMatchDefaults', // 1.35+
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordNotInCommonList' => 'PasswordPolicyChecks::checkPasswordNotInCommonList', // 1.35+
],
];
1.35
<translate> MediaWiki version:</translate> |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'sysop' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'interface-admin' => [ // 1.32+
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'bot' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'default' => [
'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotBeSubstringInUsername' => [ // 1.35+
'value' => true,
'suggestChangeOnLogin' => true
],
'PasswordCannotMatchDefaults' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordNotInCommonList' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.35+
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotBeSubstringInUsername' =>
'PasswordPolicyChecks::checkPasswordCannotBeSubstringInUsername', // 1.35+
'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchDefaults', // 1.35
'PasswordCannotMatchDefaults' => 'PasswordPolicyChecks::checkPasswordCannotMatchDefaults', // 1.35+
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordNotInLargeBlacklist' => 'PasswordPolicyChecks::checkPasswordNotInCommonList', // 1.35
'PasswordNotInCommonList' => 'PasswordPolicyChecks::checkPasswordNotInCommonList', // 1.35+
],
];
1.34
<translate> MediaWiki version:</translate> |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'sysop' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'interface-admin' => [ // 1.32+
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'bot' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
],
'default' => [
'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotMatchBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.33+
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordNotInLargeBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.34+
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordCannotBePopular' => 'PasswordPolicyChecks::checkPopularPasswordBlacklist', // 1.27+
'PasswordNotInLargeBlacklist' => 'PasswordPolicyChecks::checkPasswordNotInLargeBlacklist', // 1.33+
],
];
1.33
<translate> MediaWiki version:</translate> |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
'PasswordNotInLargeBlacklist' => true, // 1.33
],
'sysop' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
'PasswordNotInLargeBlacklist' => true, // 1.33
],
'interface-admin' => [ // 1.32+
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
'PasswordNotInLargeBlacklist' => true, // 1.33
],
'bot' => [
'MinimalPasswordLength' => 10, // 1.33+
'MinimumPasswordLengthToLogin' => 1,
'PasswordNotInLargeBlacklist' => true, // 1.33
],
'default' => [
'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.33+
'PasswordCannotMatchBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ], // 1.33+
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ], // 1.33+
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordCannotBePopular' => 'PasswordPolicyChecks::checkPopularPasswordBlacklist', // 1.27+
'PasswordNotInLargeBlacklist' => 'PasswordPolicyChecks::checkPasswordNotInLargeBlacklist', // 1.33+
],
];
1.32
<translate> MediaWiki version:</translate> |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotBePopular' => 25, // 1.27+
],
'sysop' => [
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotBePopular' => 25, // 1.27+
],
'interface-admin' => [ // 1.32+
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotBePopular' => 25,
],
'bot' => [
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
],
'default' => [
'MinimalPasswordLength' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotMatchBlacklist' => true,
'MaximalPasswordLength' => 4096,
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordCannotBePopular' => 'PasswordPolicyChecks::checkPopularPasswordBlacklist' // 1.27+
],
];
1.27 – 1.31
<translate> MediaWiki versions:</translate> |
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotBePopular' => 25, // 1.27+
],
'sysop' => [
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotBePopular' => 25, // 1.27+
],
'bot' => [
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
],
'default' => [
'MinimalPasswordLength' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotMatchBlacklist' => true,
'MaximalPasswordLength' => 4096,
],
],
'checks' => [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
'PasswordCannotBePopular' => 'PasswordPolicyChecks::checkPopularPasswordBlacklist' // 1.27+
],
];
1.26
MediaWiki版本: |
$wgPasswordPolicy = array(
'policies' => array(
'bureaucrat' => array(
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
),
'sysop' => array(
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
),
'bot' => array(
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
),
'default' => array(
'MinimalPasswordLength' => 1,
'PasswordCannotMatchUsername' => true,
'PasswordCannotMatchBlacklist' => true,
'MaximalPasswordLength' => 4096,
),
),
'checks' => array(
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
),
);