#1  
Old 30th August 2012, 22:59
HarborTech HarborTech is offline
Junior Member
 
Join Date: Feb 2012
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Default Email Complex Password Policy

Forgive me if this has been asked and answered before. I searched the forums a few different ways and didn't run across anything that handled this specifically.

Now, I fully understand that "complex password" doesn't necessarily mean it's an uncrackable password. You would be better off using "janetoschoolwentapplemonkeycarburetor" than you would by using "!#4ppl3#!". However, my clients are fond of using passwords such as "password".

Is there a way to enforce the clients to at least meet certain criteria when creating mailbox passwords?

Best regards,

--Jason
Reply With Quote
Sponsored Links
  #2  
Old 31st August 2012, 09:06
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,011
Thanks: 826
Thanked 5,379 Times in 4,226 Posts
Default

Such a function is not available yet, but there might be a feature request for this in the bugtracker if I remember correctly.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 31st August 2012, 11:03
cfoe cfoe is offline
ISPConfig Developer
 
Join Date: Oct 2011
Location: NRW, Germany
Posts: 233
Thanks: 27
Thanked 57 Times in 32 Posts
Send a message via Skype™ to cfoe
Default

Quote:
Originally Posted by till View Post
Such a function is not available yet, but there might be a feature request for this in the bugtracker if I remember correctly.
http://bugtracker.ispconfig.org/inde...ls&task_id=441
__________________
Christian Foellmann

OpenSource-Projects - GitHub-Projects - SVN-Mirrors on GitHub - Foe Services
Reply With Quote
  #4  
Old 31st August 2012, 16:25
HarborTech HarborTech is offline
Junior Member
 
Join Date: Feb 2012
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Very awesome, I'm glad this is already in the feature requests!

Is such a thing difficult to implement? I am no developer by any means, but would love to see such a feature become available. I would think because the "Password Strength" visual is already checking the 'strength' of the password, that the underlying basics are already in place to enable such a feature.

Essentially "If <password> != Strong, then deny password change".

By the looks of that feature request, it's about three years old now. What are the chances it could get looked at?

Best regards,

--Jason
Reply With Quote
  #5  
Old 31st August 2012, 16:47
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,011
Thanks: 826
Thanked 5,379 Times in 4,226 Posts
Default

The chances that it gets implemented will rise if you vote for it in the bugtracker as the developers choose new features by number of votes.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 21st October 2013, 09:11
Quickspace Quickspace is offline
Junior Member
 
Join Date: Oct 2013
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default Email Complex Password Policy

Hi.

Not the greatest solution but quick to implement. What I did was to edit the email template and set the password field to read only. This forces users to use the password generator when adding or editing email boxes.

Edit this file.

/usr/local/ispconfig/interface/web/mail/templates/mail_user_mailbox_edit.htm

Then edit this line

<input name="password" id="password" value="{tmpl_var name='password'}" size="30" maxlength="255" type="password" class="textInput" onkeyup="pass_check(this.value);checkPassMatch('pa ssword','repeat_password');" />&nbsp;<a href="javascript:void(0);" onclick="generatePassword('password','repeat_passw ord');">{tmpl_var name='generate_password_txt'}</a>

And Replace with

<input readonly name="password" id="password" value="{tmpl_var name='password'}" size="30" maxlength="255" type="password" class="textInput" onkeyup="pass_check(this.value);checkPassMatch('pa ssword','repeat_password');" />&nbsp;<a href="javascript:void(0);" onclick="generatePassword('password','repeat_passw ord');">{tmpl_var name='generate_password_txt'}</a> Custom passwords not allowed. Please use the Generator!
Reply With Quote
Reply

Bookmarks

Tags
secure password policy

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Email delivery problem - Ubuntu Karmic Koala (Ubuntu 9.10) [ISPConfig 2] qiubosu Installation/Configuration 1 18th January 2010 09:21
ISPConfig 3. Email password change and autoresponders aperion General 6 8th May 2009 18:04
Samba + LDAP enforcing a password policy wildgoosed Server Operation 2 22nd April 2008 17:53
CacheALL email problem no.2 Snowman General 2 2nd August 2007 09:45
Problems with the Virtual Users And Domains With Postfix, Courier And MySQL tutorial wwinfrey HOWTO-Related Questions 12 15th August 2006 16:38


All times are GMT +2. The time now is 14:18.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.