|
From: SourceForge.net <no...@so...> - 2011-08-23 23:28:41
|
Feature Requests item #2752992, was opened at 2009-04-11 15:24 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=2752992&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: None >Status: Closed >Resolution: Duplicate Priority: 5 Private: No Submitted By: Charles (libertytrek) Assigned to: Nobody/Anonymous (nobody) Summary: Cracklib support for strong passwords Initial Comment: I'd love to see support for the use of cracklib, where the Admin can define the password criteria on a per-domain basis, in a simple screen... Min Length: Duration: # of Upper Case characters: # of Lower Case characters: # of Number characters: # of Non-AlphaNumeric characters: Illegal characters: Hmmm... duration would also require Cron support I guess... and also the ability to send email notifications (similar to Quota notifications) so the user knows when they need to change it - maybe even with a link to a secure change password page so if they let it expire, they can still go change it without having to call support... ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2011-08-24 01:28 Message: Your requirements should be able to fulfill with a set of RegExes, for example "at least 2 uppercase characters" would be "/[A-Z].*[A-Z]/". Therefore I'm closing this as duplicate of http://sourceforge.net/tracker/?func=detail&aid=1785513&group_id=191583&atid=937967 The only exception is the duration / expiration date of passwords - but that's something I'm not planning to implement because it would be the only thing requiring a cron job. BTW, how would you enforce this? Disabling SMTP and POP3 logins is insane (and would even be possible without a cronjob - do it in SQL), and users won't care much if they only get a warning in PostfixAdmin. Besides activating vacation, most users never login in PostfixAdmin. If you only want to send a "please change your password" mail, this can easily be done with an additional field for the expiration date and an external cron script. (I'd accept a patch and a script for ADDITIONS/, but won't do it myself.) Therefore closing as 90% duplicate and 10% wontfix ;-) If you don't agree, feel free to reopen. ---------------------------------------------------------------------- Comment By: Charles (libertytrek) Date: 2011-01-02 23:23 Message: I'd still like to see this happen, although I no longer have any interest in setting a duration, so no cron support would be required... ---------------------------------------------------------------------- Comment By: GingerDog (gingerdog) Date: 2009-04-18 08:59 Message: Is there anything else you'd like adding ? :-) It seems a good idea - and there is http://pecl.php.net/package/crack which would help somewhat. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=2752992&group_id=191583 |
