Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Lasse Johansson on April 12, 2000, 03:59:28 PM

Title: User changable passwords in 4.06b
Post by: Lasse Johansson on April 12, 2000, 03:59:28 PM

Hallo everybody

I've found a strange "feature" in 4.06b:

When a user changes his password from the "default" to something better,
the system does NOT allow some very commonly used characters such as "_"
or "$"

Of course, it's perfectly possible to solve those problems "manually" by
asking the manager to change that user's password with passwd and
smbpasswd, but I don't see any reason for not being able to do it
directly from the web-interface...

Any comments or easy solutions? (Yes, I'll poke into the system and
search for a solution myself also...)

//Lasse

Title: RE: User changable passwords in 4.06b
Post by: Charlie Brady on April 12, 2000, 06:50:50 PM

Lasse Johansson wrote:

> When a user changes his password from the "default"
> to something better, the system does NOT allow some very
> commonly used characters such as "_" or "$"
>
> Of course, it's perfectly possible to solve those problems
> "manually" by asking the manager to change that
> user's password with passwd and smbpasswd, but I don't see any
> reason for not being able to do it directly from the
> web-interface...

You also posted your message to the developer mailing list - probably the right place for such a question.

Yes, the character set for passwords is more restricted than it might be. It should be fixed in a future relase, but needs to be done carefully to avoid introducing reliability or security problems.

Regards

Charlie