Difference between revisions of "SME Server talk:Documentation:Administration Manual:Chapter9"
Line 15: | Line 15: | ||
--[[User:Stephdl|Stephdl]] ([[User talk:Stephdl|talk]]) 01:41, 12 July 2013 (MDT) we ought to add this mentions | --[[User:Stephdl|Stephdl]] ([[User talk:Stephdl|talk]]) 01:41, 12 July 2013 (MDT) we ought to add this mentions | ||
The following settings are available to specify the password strength on SME Server: | The following settings are available to specify the password strength on SME Server: | ||
+ | =====Changing User Passwords===== | ||
+ | Once they have an active account, your users can set their own passwords by accessing the user-password URL which is only accessible from Local Networks. They do this through their web browsers by visiting the URL www.yourdomain.xxx/user-password (where "www.yourdomain.xxx" is the web server name you entered into the server console). The staff at The Pagan Vegan would visit the URL www.yourdomain.xxx/user-password . | ||
+ | |||
+ | To make the change, a user would enter his or her account name (the characters before "@"), the old password and the new password (to ensure accuracy, the screen asks for the new password twice). Note that changing the password for a user in the server-manager overrides any previous password entered by your user. Therefore, when a user forgets his password, simply reset it in the server- manager. | ||
+ | |||
+ | | ||
+ | |||
+ | {{Note box|There is no way for the administrator to recover a forgotten password for a user. All they can do is set a new password for the user.}} | ||
+ | |||
+ | | ||
+ | |||
+ | {{Note box|'''Password strength checking is too strong. How do I change it?'''<br /> | ||
+ | First a warning - Far too many systems out there have weak passwords and they will be broken into. Educating your users on the necessity of strong passwords is the best option. If that fails, here is how you change the password strength checking from 'strong' to 'normal', which was the setting in previous versions of SME. Be careful to use the exact capitalization.<br /> | ||
+ | |||
+ | config setprop passwordstrength Users normal | ||
+ | config setprop passwordstrength Ibays normal | ||
+ | |||
+ | It is also possible, but strongly discouraged, to disable password strength checking by setting to 'none' | ||
+ | }} | ||
{| | {| |
Revision as of 08:43, 12 July 2013
I suppose it will be great to have also one note into Practical usage guidelines about removing the default SME server behaviour to auto create pseudonyms
I propose:
In this scenario (multiple domains) You probably will not need any more the auto creation of pseudonyms To achieve this comment with an # at beginning the line 793 into /usr/lib/perl5/site_perl/esmith/FormMagick/Panel/useraccounts.pm
the line should be like
# $accountdb->create_user_auto_pseudonyms($acctName);
--Stephdl (talk) 01:41, 12 July 2013 (MDT) we ought to add this mentions The following settings are available to specify the password strength on SME Server:
Changing User Passwords
Once they have an active account, your users can set their own passwords by accessing the user-password URL which is only accessible from Local Networks. They do this through their web browsers by visiting the URL www.yourdomain.xxx/user-password (where "www.yourdomain.xxx" is the web server name you entered into the server console). The staff at The Pagan Vegan would visit the URL www.yourdomain.xxx/user-password .
To make the change, a user would enter his or her account name (the characters before "@"), the old password and the new password (to ensure accuracy, the screen asks for the new password twice). Note that changing the password for a user in the server-manager overrides any previous password entered by your user. Therefore, when a user forgets his password, simply reset it in the server- manager.
setting explanation | |
---|---|
strong | The password is passed through Cracklib for dictionary type word checking as well as requiring upper case, lower case, number, non alpha and a mimimum length of 7 characters. |
normal | The password requires upper case, lower case, number, non alpha and a minimum length of 7 characters. |
none | The password can be anything as no checking is done.
Please note that "none" does not mean no password, it just means no password strength checking, so you can enter any (weak) password you want as long as it is at least 7 characters long. |