Topic: Passwordstrength None - getting rid of 7 chars minimum

[the-heck]

Hi everybody.

I have been using sme7.1.3, all my home servers are set to passwordstrength none.  When the release of 7.2 final, I tried to install in one of my free server and tried to set the passwordstrength to none.

All my commands are ok and even check by showing the prop.  but creating users and unlocking the account requires a 7 chars minimum for the password.

I want to have a users with no password at all... can anyone tells me how to get a workaround for this limitation?

[cactus]

I want to have a users with no password at all... can anyone tells me how to get a workaround for this limitation?

I wouldn't encourage the use of empty passwords, especially as SME Server is trying to be as secure as possible.

But from viewing this link of the source code I think you will have to be in the network.pm file in the FormMagick library directory. There should be a line that check that the password has a minimal length of 6... perhaps removing that could fix your issue, although a upgrade might remove your changes.

[cool34000]

I guess there will be more work for you...
Most of program that use an authentification mode just don't like empty password (i.e. webmail?)

There are a lot of (bad) solutions to bypass this limitation (which I will not talk about because they are BAD solutions)

I guess password policy set to NONE is already the best of worst solutions!

My 2 cents.