Password complexity is set to normal but enforced as strong

Frank VB

127
+0/-0

Password complexity is set to normal but enforced as strong

« on: March 26, 2007, 02:44:28 PM »

Recently I've upgraded my 6.0.1 SME Server to 7.1.0. I changed the password complexity for users to normal (see http://forums.contribs.org/index.php?topic=34609.0 on how I did this).

Everything worked fine until, I guess, I upgraded to 7.1.1 and later 7.1.2. If I create a new user (or reset the password of an existing user) the server manager gives an error saying the password isn't strong enough:

Quote

The password you provided was not a good password. A good password must contain all of the following: upper case letter, lower case letter, number, non-alphanumeric character, be at least 7 characters long.

I used a password consisting of three random letters and three random digits (e.g. zdt428).

The setting in the passwordstrength key is set to normal as shown in the excerpt from my settings:

Quote

passwordstrength=configuration
Admin=none
Ibays=none
User=none
Users=normal

I even executed the command a second time to set the password strength to normal, but it still won't accept the password. I changed the password to e.g. Zdt_248 and then it was accepted.

Why do I get this error message nonetheless? Does it has anything to do with the upgrade?

Logged

del

765
+0/-0

Password complexity is set to normal but enforced as strong

« Reply #1 on: March 26, 2007, 03:31:15 PM »

Hi frankvb,

I had a simular problem but it was even before I upgraded to 7.1 and in order to accept any password I had to set it to:

Quote

Users=none

I made the mistake of thinking that none meant exactly that

I thought I would not need any passwords but I beleive that it only means no security check of the password

I maybe wrong , if so I apologize and I am sure someone will correct me

Regards,
Del

Logged

If at first you don't succeed, then sky-diving is not for you!
"Life is like a coin. You can spend it anyway you wish, but you can only spend it once." --Author Unknown

CharlieBrady

6,918
+3/-0

Re: Password complexity is set to normal but enforced as str

« Reply #2 on: March 26, 2007, 05:54:00 PM »

Quote from: "frankvb"

Quote
The password you provided was not a good password. A good password must contain all of the following: upper case letter, lower case letter, number, non-alphanumeric character, be at least 7 characters long.

I used a password consisting of three random letters and three random digits (e.g. zdt428).

The password you used does not contain upper case letters or non-alphanumeric characters.

Logged

bpivk

908
+0/-0

Password complexity is set to normal but enforced as strong

« Reply #3 on: March 26, 2007, 07:13:48 PM »

I never noticed a difference when i set my strenght to strong or normal so i guess that it's only for internal use (how the server deals with the password). Requirements for password stays the same (small caps, capital letters, symbols and numbers).

Logged

"It should just work" if it doesn't report it. Thanks!