From: Tomas K. <to...@us...> - 2009-12-01 20:45:57
|
Shelley Waltz wrote: > > I recently added cracklib support to my change_ldappass and it > is working fine. One restriction imposed is the use of > special characters in the changing of one's ldap password. > > The message > "Passwords can only contain the following characters: > "A-Z, a-z, 0-9, %^*()-_+=[]{}:@#~,.?" > appears when one attempts to use a ! or $ in the new password. > > This emantes from > plugins/change_ldappass/functions.php > lines 48:53 > if > (!preg_match("/^[A-Za-z0-9_%=:@#~,\\^\\*\\(\\)\\-\\+\\[\\]\\{\\}\\.\\?]+$/",$cp_newpass)) > { > // i18n: comma separated list of acceptable characters is listed > in next line > array_push($Messages, > _("Passwords can only contain the following > characters:"), > "A-Z, a-z, 0-9, %^*()-_+=[]{}:@#~,.?"); > } > > > I am "assuming" that if I change the above lines to include a ! and a $ as > acceptable special characters, this would be ok? Let me know if there a > reason why certain special characters such as ! and $ are excluded and if > anything else needs changing to add special characters. > Based on diff between 1.3 and 1.4 versions and 1.4 changelog, I suspect that it is incorrectly implemented security fix or limitation of LM/SMB passwords. If you use plugin only for IMAP passwords, any symbol from 0x21 (exclamation mark) to 0x7e (tilde) can be used in SquirrelMail 1.4.x password. -- Tomas -- View this message in context: http://old.nabble.com/Change_Ldappass-tp26595569p26598771.html Sent from the squirrelmail-plugins mailing list archive at Nabble.com. |