#4105 Inconsistencies with password changes
I'm trying to allow users to change their own password, with a password strength check.
First I used the Webmin users > Password Restrictions most complete configuration to enforce the password strength.
But when the user changes his/her password in System > Change password, these restrictions are not taken into account for the system password.
In addition, if I enable "Change password in other modules", a weak password is accepted for the system password, but silently rejected for the webmin password, which is particularly puzzling when trying to figure out what happened.
So I believe there's a bug here, as I'd like failed password changes not to be silent in other modules.
Then, I used the 'useradmin' module configuration to implement the password strength checks.
This works, but sadly it is not as complete. I found a work-around to use only 1 regexp instead of several, but I really miss the "Human-readable description for regular expression", because users now get an obscure "Failed to change password : Password does not match regexp ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[,?;.:\/!§*%^=+*-\\@&~#"'[\](){}]).*$" error when trying the change the password.
So there is a wishlist here : being able to set password restrictions in a unified manner, with human-readable errors.
But maybe I missed a better way to implement self password change with strength checks?
The restrictions at Webmin -> Password Restrictions only effect Webmin logins - if you want to restrict passwords for Unix users, this can be set at System -> Users and Groups -> Module Config.
I like the idea of adding an option for a human-readable description of the regexp though. I will add this in the Users and Groups module in the next release.