1 (edited by b4nsh33 2014-03-07 06:36:35)

Topic: force strong password when changin password using gui

==== Required information ====
- iRedMail version: 1.8.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Linux/BSD distribution name and version: debian 6
- Related log if you're reporting an issue: /var/log/mail.log
====

Hello, how can i enforce strong passwords when our support team changes a customer pop3 password?
I have verified that into roundcube this restriction is enabled so the customer can not use an easy guessable passwords, but when using iredadmin the support team can use 123 or even the same username as password.
i know, they should not be doing it but it is a lost battle, there are so many people that is imposible to track who is disobeying our internal policy.
regards.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: force strong password when changin password using gui

Currently, with iRedAdmin-Pro, you can restrict password length, but no addition restriction rules.
May i know what addition restrictions you need?

*) Cannot be same as username.
*) Have at least a digit number.
*) Have at least a special characters like '%*.' etc.

3 (edited by b4nsh33 2014-03-07 23:51:32)

Re: force strong password when changin password using gui

ZhangHuangbin wrote:

Currently, with iRedAdmin-Pro, you can restrict password length, but no addition restriction rules.
May i know what addition restrictions you need?

*) Cannot be same as username.
*) Have at least a digit number.
*) Have at least a special characters like '%*.' etc.


All 3 are ok. I dont know what algorithm roundcube/linux etc uses but it somehow detect when you set a password like 12345 and warns you about it.
btw, how to set password length

4

Re: force strong password when changin password using gui

b4nsh33 wrote:

I dont know what algorithm roundcube/linux etc uses but it somehow detect when you set a password like 12345 and warns you about it.

I guess you mean "cracklib". Search "linux cracklib" in Google will give more details.

b4nsh33 wrote:

btw, how to set password length

With iRedAdmin-Pro, you can set in iRedAdmin-Pro config file "settings.py" as global setting, or set in domain profile page for per-domain setting.
NOTE: If password length set in per-domain setting is less than global setting, iRedAdmin-Pro will use global setting instead.