You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a security administrator, I want to know when users attempt to change their passwords so that I can detect any suspicious behavior.
GIVEN a running Conjur instance
WHEN I change my password with an invalid password 1
THEN I see an unsuccessful password change audit event 2
AND WHEN I change my password with a valid password 3
THEN I see a successful password change audit event 4
Notes
Conjur does not currently support changing another user's password. The only way to "fail" when setting a password is to attempt to change a password to something that does not meet the complexity requirements.
1 Change the admin user's password to a password that does not meet the complexity requirements:
2 Unsuccessful "Change Password" audit event should follow the Audit Event convention. Before we implement, let's get agreement on the format. A possible format could be:
subject@43868
user: cucumber:user:admin
auth@43868
user: cucumber:user:admin
action@43868
result: failure
operation: update
MSGID: password
MESSAGE: "cucumber:user:admin failed to update password for cucumber:user:admin due to complexity requirements"
LEVEL: "notice"
3 Change the admin user's password to a password that meets the complexity requirements:
$ curl -k -X PUT --data ADmin123!!-new --user admin:ADmin123!!!!
http://localhost:3000/authn/cucumber/password
4 Successful "Change Password" audit event should follow the Audit Event convention. Before we implement, let's get agreement on the format. A possible format could be:
subject@43868
user: cucumber:user:admin
auth@43868
user: cucumber:user:admin
action@43868
result: success
operation: update
MSGID: password
MESSAGE: "cucumber:user:admin updated password for cucumber:user:admin"
LEVEL: "notice"
The text was updated successfully, but these errors were encountered:
As a security administrator, I want to know when users attempt to change their passwords so that I can detect any suspicious behavior.
GIVEN a running Conjur instance
WHEN I change my password with an invalid password 1
THEN I see an unsuccessful password change audit event 2
AND WHEN I change my password with a valid password 3
THEN I see a successful password change audit event 4
Notes
Conjur does not currently support changing another user's password. The only way to "fail" when setting a password is to attempt to change a password to something that does not meet the complexity requirements.
1 Change the
adminuser's password to a password that does not meet the complexity requirements:$ curl -k -X PUT --data password --user admin:ADmin123!!!! \ http://localhost:3000/authn/cucumber/password2 Unsuccessful "Change Password" audit event should follow the Audit Event convention. Before we implement, let's get agreement on the format. A possible format could be:
cucumber:user:admincucumber:user:adminfailureupdate3 Change the
adminuser's password to a password that meets the complexity requirements:4 Successful "Change Password" audit event should follow the Audit Event convention. Before we implement, let's get agreement on the format. A possible format could be:
cucumber:user:admincucumber:user:adminsuccessupdateThe text was updated successfully, but these errors were encountered: