Topic: Password length not being enforced
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: CentOS 7.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL (MariaDB)
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?: Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi Zhang,
It's unclear to me from https://docs.iredmail.org/iredadmin-pro … olicy.html which "settings.py" file I should edit to set minimum and maximum password lengths. This is what I have on my system:
[08:14:31 root@server ~]# grep passwd_length /var/www/iRedAdmin-0.9/settings.py
# - min_passwd_length: 0 means unlimited, but at least 1 character
# - max_passwd_length: 0 means unlimited.
min_passwd_length = 8
max_passwd_length = 0
[08:15:41 root@server ~]# grep passwd_length /var/www/iRedAdmin-Pro-SQL-2.9.0/settings.py
# - min_passwd_length: 0 means unlimited, but at least 1 character
# - max_passwd_length: 0 means unlimited.
min_passwd_length = 12
max_passwd_length = 0
[08:15:45 root@server ~]#In iRedAdmin-Pro I set up every new domain as follows under "Advanced" settings for the domain:
* Minimum password length: 12
* Maximum password length: 0
However, any user can change the minimum password length to 4, for example, defeating the purpose of setting a server-wide minimum!
Also, when I try to change the maximum to 0 (for unlimited), when I click "Save changes" the page reloads with the same old value in the box.
What am I doing wrong? Which "settings.py" file should I be using? And why are the setting in "settings.py" not working?
Before writing this post I ran
systemctl restart uwsgito make sure everything was properly set.
Craig
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.
