Topic: change minimum password length

[miomiomio]

hi

the sme server user creation required to insert a 7 ch password.

how can change this value?

my net is very small and security is not a my priority.

I would can insert password of 2 character

thanks

[Stefano]

welcome here

in short: you can't.. i suggest you to search the forums to find more info

[idp_qbn]

I have not found a way of doing this in SME: something, somewhere prevents this.
BUT
You can log on at the console (or using a terminal program from your PC) and reset the password for your users directly, one at a time. eg to set the password for user "freddy"

Code: [Select]

passwd freddyYou can use a shorter password at this point.

However, you should heed the warnings about security - if you have weaker passwords you should have stronger physical security. We never think our data is valuable until we have to replace it.

Cheers
Ian

[byte]

You can log on at the console (or using a terminal program from your PC) and reset the password for your users directly, one at a time. eg to set the password for user "freddy"

Code: [Select]

passwd freddy

Not recommended and will break other features. If you really have to decrease security just follow:

Password strength

and set to none then use aaaaaaa as a password but again and as said if you value your data take action now and enforce strong passwords rather than wait for the event.

[cactus]

the sme server user creation required to insert a 7 ch password.

how can change this value?

You can not as some of the packages that are used on SME Server (IIRC it might be samba) use a minimal password length, therefore the lowest length is 7. Please follow other posters advice and lower password stregth settings and use a easy password.

[pmceache]

This is not recomended but I have changed this on my server by altering the file :
/usr/lib/perl5/site_perl/esmith/FormMagic on line 789.  Change the 7 to a 5 & "> 6" to "> 4", save the file & give it a try. This worked for me.

sub validate_password
{
    my ($fm,$strength,$pass) =3D @_;

    use Crypt::Cracklib;

    my $reason;

    if ($strength eq "none") {
        return $fm->localise("Passwords must be at least 7 characters =
long") unless (length($pass) > 6);
        return "OK";
    }

[janet]

pmceache

This is not recomended but I have changed this on my server by altering the file :
/usr/lib/perl5/site_perl/esmith/FormMagic on line 789.

Which will be overwritten on future upgrades, so you will need to reconfigure this after such an upgrade.

[miomiomio]

thanks a lot!!!!!!!!!!

On Monday i'll try it

you are my safety!!

[elmarconi]

pmceache

Which will be overwritten on future upgrades, so you will need to reconfigure this after such an upgrade.

[elmarconi]

Oops, noticed posting failure above, anyway:
http://forums.contribs.org/index.php/topic,43318.msg206077.html#msg206077

If anyone can shine a light why we need 7 as a minimum, which things will be broken if we use 6, then I would be most gratefull. So far, no-one has.

[janet]

elmarconi

If anyone can shine a light why we need 7 as a minimum

The designers wanted a secure password and 7 characters was statistically more secure than 6 !

....which things will be broken if we use 6, then I would be most gratefull. So far, no-one has.

Search forums, devinfo mail list and bugzilla for numerous discussions and the answers you say "no-one has yet given". IIRC  the pam module requires minimum 6 characters.

Keep in mind that the designers have specified 7 characters as a "sme server minimum design criteria", so if you choose to configure your system outside these parameters  one day in the future your server may break and you will need to change all your passwords anyway.

[janet]

elmarconi

Here's one thread with answers, there are many more if you look
Please use advanced search on password for effective results
http://forums.contribs.org/index.php/topic,43261.msg205649.html#msg205649
Make sure you read right to the end

[elmarconi]

The designers wanted a secure password and 7 characters was statistically more secure than 6 !

Search forums, devinfo mail list and bugzilla for numerous discussions and the answers you say "no-one has yet given". IIRC  the pam module requires minimum 6 characters.

Keep in mind that the designers have specified 7 characters as a "sme server minimum design criteria", so if you choose to configure your system outside these parameters  one day in the future your server may break and you will need to change all your passwords anyway.

mary, thanks for answers. They light up my day!

I am aware of the risks, I wondered why there is a reason to go above the min. of 6, as PAM sets this minimum. As password strength for users and ibays is also templated, (setprop passwordstrength) I've asked for a custom property minPasswordlength. If you allow passwordstrength=none why not minPasswordlength=6?

[janet]

elmarconi

Forgive me, but I'm constantly dumbstruck by the way people overlook or ignore the answer when it is given to them.
Didn't I just answer you with this statement ?

"The designers wanted a secure password and 7 characters was statistically more secure than 6 !"

[elmarconi]

Maybe my English isn't as good as I think it is...

I answered:

mary, thanks for answers. They light up my day!

I wondered ...

That is written in the past. It was to explain/summarize the things mentioned in the thread you referred to. As you can see i was also involved there.

To make things clear: I wondered means I do not wonder anymore.

Thanks again.