Menu
▾
▴
Re: [SM-PLUGINS] Change_Ldappass
|
From: Tomas K. <to...@us...> - 2009-12-01 20:45:57
|
Shelley Waltz wrote:
>
> I recently added cracklib support to my change_ldappass and it
> is working fine. One restriction imposed is the use of
> special characters in the changing of one's ldap password.
>
> The message
> "Passwords can only contain the following characters:
> "A-Z, a-z, 0-9, %^*()-_+=[]{}:@#~,.?"
> appears when one attempts to use a ! or $ in the new password.
>
> This emantes from
> plugins/change_ldappass/functions.php
> lines 48:53
> if
> (!preg_match("/^[A-Za-z0-9_%=:@#~,\\^\\*\\(\\)\\-\\+\\[\\]\\{\\}\\.\\?]+$/",$cp_newpass))
> {
> // i18n: comma separated list of acceptable characters is listed
> in next line
> array_push($Messages,
> _("Passwords can only contain the following
> characters:"),
> "A-Z, a-z, 0-9, %^*()-_+=[]{}:@#~,.?");
> }
>
>
> I am "assuming" that if I change the above lines to include a ! and a $ as
> acceptable special characters, this would be ok? Let me know if there a
> reason why certain special characters such as ! and $ are excluded and if
> anything else needs changing to add special characters.
>
Based on diff between 1.3 and 1.4 versions and 1.4 changelog, I suspect that
it is incorrectly implemented security fix or limitation of LM/SMB
passwords.
If you use plugin only for IMAP passwords, any symbol from 0x21 (exclamation
mark) to 0x7e (tilde) can be used in SquirrelMail 1.4.x password.
--
Tomas
--
View this message in context: http://old.nabble.com/Change_Ldappass-tp26595569p26598771.html
Sent from the squirrelmail-plugins mailing list archive at Nabble.com.
|