Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: miomiomio on October 02, 2009, 05:58:33 PM
-
hi
the sme server user creation required to insert a 7 ch password.
how can change this value?
my net is very small and security is not a my priority.
I would can insert password of 2 character
thanks
-
welcome here
in short: you can't.. i suggest you to search the forums to find more info
-
I have not found a way of doing this in SME: something, somewhere prevents this.
BUT
You can log on at the console (or using a terminal program from your PC) and reset the password for your users directly, one at a time. eg to set the password for user "freddy"
passwd freddyYou can use a shorter password at this point.
However, you should heed the warnings about security - if you have weaker passwords you should have stronger physical security. We never think our data is valuable until we have to replace it.
Cheers
Ian
-
You can log on at the console (or using a terminal program from your PC) and reset the password for your users directly, one at a time. eg to set the password for user "freddy"
passwd freddy
Not recommended and will break other features. If you really have to decrease security just follow:
Password strength (http://wiki.contribs.org/SME_Server:Documentation:FAQ#Password_Strength_Checking)
and set to none then use aaaaaaa as a password but again and as said if you value your data take action now and enforce strong passwords rather than wait for the event.
-
the sme server user creation required to insert a 7 ch password.
how can change this value?
You can not as some of the packages that are used on SME Server (IIRC it might be samba) use a minimal password length, therefore the lowest length is 7. Please follow other posters advice and lower password stregth settings and use a easy password.
-
This is not recomended but I have changed this on my server by altering the file :
/usr/lib/perl5/site_perl/esmith/FormMagic on line 789. Change the 7 to a 5 & "> 6" to "> 4", save the file & give it a try. This worked for me.
sub validate_password
{
my ($fm,$strength,$pass) =3D @_;
use Crypt::Cracklib;
my $reason;
if ($strength eq "none") {
return $fm->localise("Passwords must be at least 7 characters =
long") unless (length($pass) > 6);
return "OK";
}
-
pmceache
This is not recomended but I have changed this on my server by altering the file :
/usr/lib/perl5/site_perl/esmith/FormMagic on line 789.
Which will be overwritten on future upgrades, so you will need to reconfigure this after such an upgrade.
-
thanks a lot!!!!!!!!!!
On Monday i'll try it
you are my safety!!
-
pmceache
Which will be overwritten on future upgrades, so you will need to reconfigure this after such an upgrade.
-
Oops, noticed posting failure above, anyway:
http://forums.contribs.org/index.php/topic,43318.msg206077.html#msg206077
If anyone can shine a light why we need 7 as a minimum, which things will be broken if we use 6, then I would be most gratefull. So far, no-one has.
-
elmarconi
If anyone can shine a light why we need 7 as a minimum
The designers wanted a secure password and 7 characters was statistically more secure than 6 !
....which things will be broken if we use 6, then I would be most gratefull. So far, no-one has.
Search forums, devinfo mail list and bugzilla for numerous discussions and the answers you say "no-one has yet given". IIRC the pam module requires minimum 6 characters.
Keep in mind that the designers have specified 7 characters as a "sme server minimum design criteria", so if you choose to configure your system outside these parameters one day in the future your server may break and you will need to change all your passwords anyway.
-
elmarconi
Here's one thread with answers, there are many more if you look
Please use advanced search on password for effective results
http://forums.contribs.org/index.php/topic,43261.msg205649.html#msg205649
Make sure you read right to the end
-
The designers wanted a secure password and 7 characters was statistically more secure than 6 !
Search forums, devinfo mail list and bugzilla for numerous discussions and the answers you say "no-one has yet given". IIRC the pam module requires minimum 6 characters.
Keep in mind that the designers have specified 7 characters as a "sme server minimum design criteria", so if you choose to configure your system outside these parameters one day in the future your server may break and you will need to change all your passwords anyway.
mary, thanks for answers. They light up my day!
I am aware of the risks, I wondered why there is a reason to go above the min. of 6, as PAM sets this minimum. As password strength for users and ibays is also templated, (setprop passwordstrength) I've asked for a custom property minPasswordlength. If you allow passwordstrength=none why not minPasswordlength=6?
-
elmarconi
Forgive me, but I'm constantly dumbstruck by the way people overlook or ignore the answer when it is given to them.
Didn't I just answer you with this statement ?
"The designers wanted a secure password and 7 characters was statistically more secure than 6 !"
-
Maybe my English isn't as good as I think it is...
I answered:
mary, thanks for answers. They light up my day!
I wondered ...
That is written in the past. It was to explain/summarize the things mentioned in the thread you referred to. As you can see i was also involved there.
To make things clear: I wondered means I do not wonder anymore.
Thanks again.
-
elmarconi
No worries.
I read it as "I was still wondering", as in "I wondered a few moments ago", eg when you typed the last post.
English grammar and tense etc can be tricky even for those with English as a native first language.
-
pmceache
Which will be overwritten on future upgrades, so you will need to reconfigure this after such an upgrade.
tks it's work