Announcement

**Carsten Hoeger** · 05-11-2009, 09:04 AM

I'd recommend to use the imap server to authenticate instead of our database.
Just deinstall authentication-database and replace it with authentication-imap.
And deinstall the passwordchange package.

**goofy** · 05-11-2009, 09:40 AM

Originally posted by Carsten Hoeger View Post

I'd recommend to use the imap server to authenticate instead of our database.
Just deinstall authentication-database and replace it with authentication-imap.
And deinstall the passwordchange package.

but if i deinstall the passwordchange package would't that prevent users from changing their passwords using the web interface?

**Carsten Hoeger** · 05-11-2009, 09:57 AM

Yes, of course. If you are using imapauth instead of db, the passwordchange is useless, anyway, as it cannot change the imap servers password.

**goofy** · 05-11-2009, 11:11 AM

Originally posted by Carsten Hoeger View Post

Yes, of course. If you are using imapauth instead of db, the passwordchange is useless, anyway, as it cannot change the imap servers password.

*g* - ok, now that is actually the exact opposite from what i had in mind - i wanted to fix the password change menu option, not remove it completely.

we're currently considering running john the ripper in the background to detect weak passwords, but warning the user right away would be a better solution from a user experience point of view, of course.

**Martin Heiland** · 05-11-2009, 11:40 AM

Hi,

well you could customize the passwordchange UI plugin and add some text to the password change plugin site, but it think without customization of the serverside plugin it won't be possible to implement a password check.

Announcement

Check for weak passwords

Check for weak passwords

Comment

Comment

Comment

Comment

Comment