Topic: Password complexity

[hlbrooks]

I would like to change the password complexity rules on SME Server. At present the rules are that passwords are to be at least 7 characters and contain upper, lower case, numbers and characters. I would like to change these setting to make passwords less extreme. Any suggestions..
Thanks
Howard

[kmccarn]

This is from another post - try search....

config setprop passwordstrength Users normal
config setprop passwordstrength Ibays normal

It is also possible, but strongly discouraged, to disable password strength checking:

config setprop passwordstrength Users none
config setprop passwordstrength Ibays none

 

[hlbrooks]

Thanks. Worked a treat

[pelli]

hello,

i would like set the Strong password with at least 8 characters and set expire password after 3 month. Any suggestion?

Thanks

[anne]

I could be very angry right now, but i try to remain calm, i am calm.
Ahem...

. Backup does not work, it takes very long and in the end bit by bit... timeout (There are about 85 users on my server)
. through FTP i can't read users dirs except the admin dir?!?!?!(as only ADMIN could login there)
. adding users take crap load of time (sorry for writing the word crap, twice)
. strong passwords, reminder to myself 'Capitalize' the U of users.
. How many users supports this server?
. How can i tell what the password setting is?

It could be my mistake, but hey, i can't see it...
If there's anyone who can help me out, thanx

[bpivk]

. Backup does not work, it takes very long and in the end bit by bit... timeout (There are about 85 users on my server) Don't know about that one. Server traffic maybe?

. How many users supports this server?
As many as you want. It depends on your server.

. How can i tell what the password setting is?
It's high by default. But you can lower it.

. through FTP i can't read users dirs except the admin dir?!?!?!(as only ADMIN could login there)
I think that you can fix it but you have to set the proper permissions for the folder you want to have access to.

. adding users take crap load of time (sorry for writing the word crap, twice)
You didn't tell us how long.

.strong passwords, reminder to myself 'Capitalize' the U of users.
Well set it to medium nad you won't have to Capitalize it.

[anne]

Hi,
Let me enlighten some things here...

Hi everyone,

This first mail from me was in error, the problem was not. The cause was by far the fault of Contribs, Sme, Linux or whatsoever. All problems began when traffic was building up when users grew, the networkcard used, a 3c905B Combo card, transmitted everything in order, but the switch, a catalyst 4006 with glasfiber and 6 blades in it, it's ports were configured wrong. Some of them were configured in forced mode 100 full duplex, whilst the card wanted it automatic.
A colleague put the port in auto-mode and the backup was ready in 10 seconds...
That made my day. Now i'm trying to dig into Linux to find this sort of problems myself before putting on an angry face.
Sorry if i offended anyone, it was not my purpose, just wanted badly to use this fine product.

And now ......
. How can i tell what the password setting is?
It's high by default. But you can lower it.
+Please, tell me this option is going in the config pages

. through FTP i can't read users dirs except the admin dir?!?!?!(as only ADMIN could login there)
I think that you can fix it but you have to set the proper permissions for the folder you want to have access to.
+My guess was that the admin was the righteous man to do so, i hope this one goes in the config pages too...

. adding users take crap load of time (sorry for writing the word crap, twice)
You didn't tell us how long.  
+As the first part says: the problem was not the software but the switch...Thus solved...  

.strong passwords, reminder to myself 'Capitalize' the U of users.  
Well set it to medium nad you won't have to Capitalize it.
+This one deffinately should go to the config pages.

By far i'm missing the hardware configuration and the password encryption level, and all the other important stuff...

Thanx..

[bpivk]

Hi,
The cause was by far the fault of Contribs, Sme, Linux or whatsoever.
A colleague put the port in auto-mode and the backup was ready in 10 seconds...
Now i'm trying to dig into Linux to find this sort of problems myself before putting on an angry face

Well this is your switch related problem not linux related.
Sme worked and the card worked but the switch didn't.
So this was your fault not SME's.  But let's leave it at that.


Now back to business...

To set the password strength to normal type:
config setprop passwordstrength Users normal
config setprop passwordstrength Ibays normal

And if you want to disable the password checking:
config setprop passwordstrength Users none
config setprop passwordstrength Ibays none


And this is what i found: (this is for admin accessing user foders)

This is the code i added to my smb.conf so if anyone has any ideas to get it to go direct to the users "home" dir and not show the mail folders.....

Code: [Select]


[admin_shares]
comment = home_directories
path = /home/e-smith/files/users/
valid users = admin root *your_user_name
admin users = admin root *your_username
write list = admin root *your_user_name
public = no
browsable = yes
writable = yes


Or you can just use putty and connect to your server via root account. (This is the fastest way and you don't have to do anything)

I hope this helps.

[anne]

Hi there,

I'm going to try this out next week.....

Thanks

[william_syd]

. How can i tell what the password setting is?

Code: [Select]

config show passwordstrength

[anne]

Hi ya all,

I wanted to say that all those nifty solutions should be integrated into the next update and never leave there...

Thanks....

[bpivk]

Well password should be strong by default so i don't think that it should be incorporated into admin pannel. Sme admins should know how to set this stuff trough the console (you do it once at install and that's it) so you really don't need another option to clutter your pannel.

[anne]

Every mail server has it's back and frontend... Why should i not want such a panel option?
It is hard already to add and maintain all the users, ik takes a crap load of time to do the simple work, now you gonna say that there is no possibility for that?  
I was hopin that the administrator could give a super-users certain rights to add users and to change certain things for them, just to keep the administrator out of this simple work.

I was hopin too that the backend was so dynamic that it could be possible to let certain priveledges towards a super-user, to make life easier for the admin.   He is the one to keep things go, but this you tell me makes no sense.
What if you were an administrator of let's say, an w2003 server, and every minute the users keep barging in your office asking if you could put a file in their home dir.... sounds like a lot of fun.
Let's make things better....Get that panel secure and extend it with options... please....
Ps. during UPGRADE..... there was no question if i would use a strong password or not.....

[bpivk]

What if you were an administrator of let's say, an w2003 server, and every minute the users keep barging in your office asking if you could put a file in their home dir.... sounds like a lot of fun.

But they can put a file in their home dir. Just use a ftp program and that's it. The user enters his username and pass and that's it. He is in his home folder.

Let's make things better....Get that panel secure and extend it with options... please....

The panel is secured with a certificate (https) so i don't know what you are talking about.
And if i send you a screenshot with my pannel you'll see that it's hard to find something because i have so many links. So inserting one more just for this simple comand is just silly. If you don't like the password set it to none and that's it. No more problems.

Ps. during UPGRADE..... there was no question if i would use a strong password or not.....

This is set by default. And during install not during upgrades. If you want to change it do this with the commands we wrote.


Here are some contribs to ease some jobs you want to do....

Add multiple users and groups via command line:
http://mirror.contribs.org/smeserver/contribs//jbennett/sme7/lat/smeserver-lazy_admin_tools-0.9.1-2.noarch.rpm

Smeserver module to configure Shell and FTP and other access for users:
http://sme.dungog.net/packages/smeserver/7.0/i386/RPMS.dungog/smeserver-remoteuseraccess-1.2-10.noarch.rpm <--this is used to set different folders (if you want to change the ftp path from home to another folder)

Oh yeah i forgot. There aren't any power users (only admins and users) but you can install a few contribs that can give some admin privileges to them.

I hope that this is the information you needed.

[anne]

In my work as an administrator (NSA, MSCE) i am used to arrange things for users from an administrative point of view. Therefor i meant that the options, how weird they may sound, should be in some window, webbased or not, so that i, and every administrator can change things.
I see this conversation leading into nothing, you can't or won't change the problems i asked, so, i keep nagging about it and you keep telling me that i am nagging...
I was only hoping that there was actually some sense in what i asked and that it could be a topic for future versions, that's why i said "let's make things better" not that it wasn't, it's only not too user friendly for peeps who see this the first time.
I am used now to the difficult way of doing things, and this is no problem for me.

But, i hardcopied everything spoken of here, so i can refer to it if nescessary...

Thanks....