Password History Count does not work for ATLASSIAN-SECURITY directories

2011-07-27T23:58:26
ID ATLASSIAN:CWD-2606
Type atlassian
Reporter dchan
Modified 2019-08-15T07:06:41

Description

Testing this locally on Crowd 227, I set the password history count to 1, then tried resetting my password through the interface and through the 'Forgot Password' e-mail link, but was able to consistently use old passwords.

I also expired the password, forcing a password change, but that also let me continue to use old passwords.

Gone through logs and didn't see anything relevant, only this query that reflects the password history count=1.

{code}
2011-07-25 11:27:41,941 http-6095-8 DEBUG [crowd.dao.directory.DirectoryDAOHibernate] Loaded object: com.atlassian.crowd.model.directory.DirectoryImpl@19f86c05[lowerName=crowd227,description=,type=INTERNAL,implementationClass=com.atlassian.crowd.directory.InternalDirectory,allowedOperations=[CREATE_USER, UPDATE_USER_ATTRIBUTE, DELETE_USER, UPDATE_GROUP, DELETE_GROUP, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER, CREATE_GROUP],attributes={password_max_change_time=0, password_regex=, user_encryption_method=atlassian-security, password_history_count=1, useNestedGroups=false, password_max_attempts=0}]
{code}