[Kolab-devel] custom Kolab 2.2 patch adding new features for ISP functionality

Martin Konold martin.konold at erfrakon.de
Tue Mar 10 14:26:15 CET 2009


On Tuesday, 10 March 2009 13:56:24, Martin Zapfl wrote:

Hi Martin,

> > So the idea is that it is easier to guess the email address than the uid
> > which is supposed to provide extra security?
>
> Yes, the idea is to protect users with a weak password.

I consider it a valid requirement to protect users from weak passwords.

IMHO Kolab should support this.

> > (Actually the security should be gained by a hard to guess password(*)
> > instead of a hard to guess uid/email-address!?)
>
> In fact the patch also includes the possibility to force strong passwords
> for users and/or admins by checking the passwords against regular
> expressions. They can be configured under settings.

IMHO this is not the correct and optimal approach. Maintaining these regular 
expressions is cumbersome and error-prone.

> > (*) I would prefer a patch which helps to enforce strong passwords
> > compared to the feature to "disable email-address" for login.

Please have a look at "man 5 slapo-ppolicy".

slapo-ppolicy has support for 

- password aging minimum age
- password aging maximum age
- password reuse
- password duplication
- account time-outs
- mandatory password resets
- acceptable password content
- and even grace logins

Different groups of users may be associated with different password policies, 
and there is no limit to the number of password policies that may be created.

Are you willing to implement the use of slapo-ppolicy into Kolab?

Yours,
-- martin

-- 
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Sitz: Adolfstraße 23, 70469 Stuttgart, Partnerschaftsregister Stuttgart PR 126
http://www.erfrakon.com/
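
An added example, not part of the original message and not Kolab's own configuration: an LDIF sketch of how several of the slapo-ppolicy controls listed above map to pwdPolicy attributes, with a stricter second policy bound to one user. The dc=example,dc=com suffix, all DNs, the uid and every numeric value are assumptions.

```ldif
# Constructed example: suffix, DNs, uid and all values are assumptions.
# Assumes the ppolicy schema and overlay are enabled in slapd and that
# ou=policies,dc=example,dc=com already exists. Load with ldapmodify.

# Default policy for ordinary users
dn: cn=default,ou=policies,dc=example,dc=com
changetype: add
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
# aging: minimum 1 day, maximum 90 days (values are in seconds)
pwdMinAge: 86400
pwdMaxAge: 7776000
# reuse: remember the last 5 passwords
pwdInHistory: 5
# content: minimum length; 2 = reject passwords the server cannot check
pwdCheckQuality: 2
pwdMinLength: 10
# lockout: 5 failures within 10 minutes lock the account for 15 minutes
pwdLockout: TRUE
pwdMaxFailure: 5
pwdFailureCountInterval: 600
pwdLockoutDuration: 900
# mandatory reset after an administrator sets the password
pwdMustChange: TRUE
# grace logins allowed after the password has expired
pwdGraceAuthNLimit: 3

# Stricter policy for administrators
dn: cn=admins,ou=policies,dc=example,dc=com
changetype: add
objectClass: device
objectClass: pwdPolicy
cn: admins
pwdAttribute: userPassword
pwdMaxAge: 2592000
pwdInHistory: 10
pwdCheckQuality: 2
pwdMinLength: 14
pwdLockout: TRUE
pwdMaxFailure: 3

# Bind one user (hypothetical uid) to the stricter policy
dn: uid=jdoe,ou=people,dc=example,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=admins,ou=policies,dc=example,dc=com
```

Entries without a pwdPolicySubentry fall back to the policy named by the overlay's default-policy setting. Per slapo-ppolicy(5), some policies do not take effect for operations performed as the rootdn.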



