Topic: Password length not being enforced
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: CentOS 7.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL (MariaDB)
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?: Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
It's unclear to me from https://docs.iredmail.org/iredadmin-pro … olicy.html which "settings.py" file I should edit to set minimum and maximum password lengths. This is what I have on my system:
[08:14:31 root@server ~]# grep passwd_length /var/www/iRedAdmin-0.9/settings.py # - min_passwd_length: 0 means unlimited, but at least 1 character # - max_passwd_length: 0 means unlimited. min_passwd_length = 8 max_passwd_length = 0 [08:15:41 root@server ~]# grep passwd_length /var/www/iRedAdmin-Pro-SQL-2.9.0/settings.py # - min_passwd_length: 0 means unlimited, but at least 1 character # - max_passwd_length: 0 means unlimited. min_passwd_length = 12 max_passwd_length = 0 [08:15:45 root@server ~]#
In iRedAdmin-Pro I set up every new domain as follows under "Advanced" settings for the domain:
* Minimum password length: 12
* Maximum password length: 0
However, any user can change the minimum password length to 4, for example, defeating the purpose of setting a server-wide minimum!
Also, when I try to change the maximum to 0 (for unlimited), when I click "Save changes" the page reloads with the same old value in the box.
What am I doing wrong? Which "settings.py" file should I be using? And why are the setting in "settings.py" not working?
Before writing this post I ran
systemctl restart uwsgi
to make sure everything was properly set.