Okay, I didn't notice this until today. I entered a 10 character password. My old password was 8 characters. I accidentally entered my old password and it worked.

How can I change the limit for ISPConfig User & Email Passwords? This is a SERIOUS disadvantage.

This is a SERIOUS disadvantage.

This is the way the traditional linux password encryption works. If you want to use longer passwords, set the password encryption method to md5 in the config.inc.php file.

Wow, I was unaware of that. That's a good thing to know, and btw thanks for the advice as far as possibly changing the encryption to md5.

One quick question though.....if I add a user in linux the normal way via:

#adduser

I've added passwords 2 to 3 times longer than 8 characters for some users.

They seem to work fine. I'm sure I'm missing something....why is it that I can set long passwords in linux that way but not through the User & Email tab in ispconfig?

Thanks for answering my questions indeed.

Current linux distributions are using md5 as default and the latest ispconfig uses md5 as default too.

Hi,

What about forcing users not to use their username in the password? and maybe adding a minimum of 1 number and 1 sign?

Thanks

Ray