2,411
edits
Changes
Jump to navigation
Jump to search
Line 316:
Line 316: + − You are strongly advised not to use weak passwords on your sme server as this only reduces security.+ − Note also that pam authentication requires that passwords be at least 7 characters long, so setting a password that is shorter than that may cause other problems later.+ − + − The available setting choices are:+ − + − + − + − + − + − + + + + + − + Line 336:
Line 341: − + − − eg Although strongly discouraged, to disable password strength checking for Users do:+ − + Line 347:
Line 351: − + − + − + − + − − − − − + − http://bugs.contribs.org/show_bug.cgi?id=161+
SME Server:Documentation:FAQ (view source)
Revision as of 09:36, 28 August 2007
, 09:36, 28 August 2007Modified layout and content
*How can I change password strength & what do the strength settings mean?
*How can I change password strength & what do the strength settings mean?
{{Warning box|It is strongly advised not advised not to set the password strength setting to ''none'' as this will lower the security of your server significantly.}}
{{Note box|PAM authentication requires passwords to be at least 7 characters long, so setting a password that is shorter than that may cause other problems later.}}
The following settings are available to specify the password strength on SME Server:
{|
! setting
! explanation
strong = The password is passed through Cracklib for dictionary type word checking as well as requiring upper case, lower case, number, non alpha & 7 characters.
|-
| ''strong''
normal = The password requires upper case, lower case, number, non alpha & 7 characters.
| The password is passed through Cracklib for dictionary type word checking as well as requiring upper case, lower case, number, non alpha and a mimimum length of 7 characters.
|-
none = The password can be anything as no checking is done.
| ''normal''
| The password requires upper case, lower case, number, non alpha and a minimum length of 7 characters.
|-
| ''none''
| The password can be anything as no checking is done.
Please note that "none" does not mean no password, it just means no password strength checking, so you can enter any (weak) password you want.
Please note that "none" does not mean no password, it just means no password strength checking, so you can enter any (weak) password you want.
|}
To set password strength do:
To set password strength do:
config setprop passwordstrength Users strengthvalue
config setprop passwordstrength Users strengthvalue
config setprop passwordstrength Ibays strengthvalue
config setprop passwordstrength Ibays strengthvalue
where strengthvalue = strong or normal or none
where strengthvalue is one of the entries listed in the table above.
e.g.
config setprop passwordstrength Users none
config setprop passwordstrength Users normal
To review the current settings do:
To review the current settings do:
which should display something like:
which should display something like:
passwordstrength=configuration
passwordstrength=configuration
Admin=strong
Admin=strong
Ibays=strong
Users=strong
Ibays=strong
Users=strong
References:
References:
https://sourceforge.net/tracker/?func=detail&atid=615772&&aid=1228269&group_id=96750
<ol></li><li>[https://sourceforge.net/tracker/?func=detail&atid=615772&&aid=1228269&group_id=96750 Old Bugtracker on SF.net: Sme7a22 - user passwords]
</li><li>[[Bugzilla:161]]</li></ol>
===Hard Drives, RAID's, USB Hard Drives===
===Hard Drives, RAID's, USB Hard Drives===