SME Server talk:Documentation:Administration Manual:Chapter9

From SME Server
Revision as of 08:43, 12 July 2013 by Stephdl (talk | contribs)
Jump to navigationJump to search

I suppose it will be great to have also one note into Practical usage guidelines about removing the default SME server behaviour to auto create pseudonyms

I propose:


In this scenario (multiple domains) You probably will not need any more the auto creation of pseudonyms 
To achieve this comment with an # at beginning the line 793 into /usr/lib/perl5/site_perl/esmith/FormMagick/Panel/useraccounts.pm

the line should be like

#    $accountdb->create_user_auto_pseudonyms($acctName);

--Stephdl (talk) 01:41, 12 July 2013 (MDT) we ought to add this mentions The following settings are available to specify the password strength on SME Server:

Changing User Passwords

Once they have an active account, your users can set their own passwords by accessing the user-password URL which is only accessible from Local Networks. They do this through their web browsers by visiting the URL www.yourdomain.xxx/user-password (where "www.yourdomain.xxx" is the web server name you entered into the server console). The staff at The Pagan Vegan would visit the URL www.yourdomain.xxx/user-password .

To make the change, a user would enter his or her account name (the characters before "@"), the old password and the new password (to ensure accuracy, the screen asks for the new password twice). Note that changing the password for a user in the server-manager overrides any previous password entered by your user. Therefore, when a user forgets his password, simply reset it in the server- manager.

 


Important.png Note:
There is no way for the administrator to recover a forgotten password for a user. All they can do is set a new password for the user.


 


Important.png Note:
Password strength checking is too strong. How do I change it?

First a warning - Far too many systems out there have weak passwords and they will be broken into. Educating your users on the necessity of strong passwords is the best option. If that fails, here is how you change the password strength checking from 'strong' to 'normal', which was the setting in previous versions of SME. Be careful to use the exact capitalization.

 config setprop passwordstrength Users normal
 config setprop passwordstrength Ibays normal

It is also possible, but strongly discouraged, to disable password strength checking by setting to 'none'


setting explanation
strong The password is passed through Cracklib for dictionary type word checking as well as requiring upper case, lower case, number, non alpha and a mimimum length of 7 characters.
normal The password requires upper case, lower case, number, non alpha and a minimum length of 7 characters.
none The password can be anything as no checking is done.

Please note that "none" does not mean no password, it just means no password strength checking, so you can enter any (weak) password you want as long as it is at least 7 characters long.