[Kolab-devel] custom Kolab 2.2 patch adding new features for ISP functionality
Martin Konold
martin.konold at erfrakon.de
Tue Mar 10 13:45:55 CET 2009
Am Dienstag, 10. März 2009 10:36:15 schrieb Martin Zapfl:
> This is just a security feature for webadmin. As access to kolab webadmin
> may be public a login with e-mail address and weak password for others is
> possible. Therefor login access may be restricted for logging in only with
> UID.
>
> It can be enabled or disabled in
> /kolab/var/kolab/php/admin/include/config.php
So the idea is that it is easier to guess the email address than the uid which
is supposed to provide extra security?
(Actually the security should be gained by a hard to guess password(*) instead
of a hard to guess uid/email-address!?)
Regards,
-- martin
(*) I would prever a patch which helps to enforce strong passwords compared to
the feature to "disable email-address" for login.
--
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Sitz: Adolfstraße 23, 70469 Stuttgart, Partnerschaftsregister Stuttgart PR 126
http://www.erfrakon.com/
More information about the devel
mailing list