defensivedepth

01/06/2023, 9:36 PM
There is not currently a way to set password complexity requirements, correct?

Jason

01/09/2023, 12:03 AM
Devil's advocate question. If someone has the organizational need for password complexity requirements, shouldn't they be using an IDP and SAML auth instead?

defensivedepth

01/09/2023, 1:04 AM
For clarity, this PR allows customization of currently hardcoded password complexity requirements.
Also, if implementing FleetDM primarily as a security tool, I would not connect it to the org's centralized auth system.

Jason

01/09/2023, 1:11 AM
That’s an interesting take I’ve never heard before but ok.

defensivedepth

01/09/2023, 1:17 AM
Certainly not universally accepted in the industry, but it is a widespread recommendation - for instance: https://docs.securityonion.net/en/2.3/faq.html?can-i-connect-security-onion-to-active-directory-or-ldap#can-i-connect-securi[…]ive-directory-or-ldap

Jason

01/09/2023, 1:23 AM
Oh, well that's a little different but I may agree with that. I personally don't believe that straight AD or LDAP actually qualify as a proper IDP or get anywhere past NIST AAL level 1.