[Kolab-devel] custom Kolab 2.2 patch adding new features for ISP functionality

Martin Konold martin.konold at erfrakon.de
Tue Mar 10 13:45:55 CET 2009


Am Dienstag, 10. März 2009 10:36:15 schrieb Martin Zapfl:
> This is just a security feature for webadmin. As access to kolab webadmin
> may be public a login with e-mail address and weak password for others is
> possible. Therefor login access may be restricted for logging in only with
> UID.
>
> It can be enabled or disabled in
> /kolab/var/kolab/php/admin/include/config.php

So the idea is that it is easier to guess the email address than the uid which 
is supposed to provide extra security?

(Actually the security should be gained by a hard to guess password(*) instead 
of a hard to guess uid/email-address!?)

Regards,
-- martin
(*) I would prever a patch which helps to enforce strong passwords compared to 
the feature to "disable email-address" for login.

-- 
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Sitz: Adolfstraße 23, 70469 Stuttgart, Partnerschaftsregister Stuttgart PR 126
http://www.erfrakon.com/




More information about the devel mailing list