Hi,
well you could customize the passwordchange UI plugin and add some text to the password change plugin site, but it think without customization of the serverside plugin it won't be possible to implement a password check.
Announcement
Collapse
No announcement yet.
Check for weak passwords
Collapse
X
-
Originally posted by Carsten Hoeger View PostYes, of course. If you are using imapauth instead of db, the passwordchange is useless, anyway, as it cannot change the imap servers password.
we're currently considering running john the ripper in the background to detect weak passwords, but warning the user right away would be a better solution from a user experience point of view, of course.
Leave a comment:
-
Yes, of course. If you are using imapauth instead of db, the passwordchange is useless, anyway, as it cannot change the imap servers password.
Leave a comment:
-
Originally posted by Carsten Hoeger View PostI'd recommend to use the imap server to authenticate instead of our database.
Just deinstall authentication-database and replace it with authentication-imap.
And deinstall the passwordchange package.
Leave a comment:
-
I'd recommend to use the imap server to authenticate instead of our database.
Just deinstall authentication-database and replace it with authentication-imap.
And deinstall the passwordchange package.
Leave a comment:
-
Check for weak passwords
hi!
i just noticed that it is possible to set weak passwords via the web ui of open-xchange: configuration -> user -> password. is it possible to configure this / enable at least a simple password length check here?
our server stores password hashes in the mysql db and has pam/cyrus set up to authenticate against that.
thanks,
guenter
Leave a comment: