[Kolab-devel] custom Kolab 2.2 patch adding new features for ISP functionality

Martin Zapfl mailinglists at tbits.net
Tue Mar 10 13:56:24 CET 2009


On Tuesday 10 March 2009 01:45:55 pm Martin Konold wrote:
> On Tuesday, 10 March 2009 10:36:15, Martin Zapfl wrote:
> > This is just a security feature for webadmin. As access to kolab webadmin
> > may be public a login with e-mail address and weak password for others is
> > possible. Therefore login access may be restricted for logging in only
> > with UID.
> >
> > It can be enabled or disabled in
> > /kolab/var/kolab/php/admin/include/config.php
>
> So the idea is that it is easier to guess the email address than the uid
> which is supposed to provide extra security?

Yes, the idea is to protect users with a weak password. 

>
> (Actually the security should be gained by a hard to guess password(*)
> instead of a hard to guess uid/email-address!?)

In fact the patch also includes the possibility to force strong passwords for 
users and/or admins by checking the passwords against regular expressions. 
They can be configured under settings.

>
> Regards,
> -- martin
> (*) I would prefer a patch which helps to enforce strong passwords compared
> to the feature to "disable email-address" for login.
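
An added illustration of the regex-based password check discussed in this thread, with separate rule sets for users and admins. It is not code from the patch or from Kolab; the `PASSWORD_POLICY` table, its patterns and the function name are hypothetical.

```php
<?php
// Hypothetical policy table (names and patterns are assumptions, not Kolab's):
// every pattern listed for a role must match for the password to be accepted.
const PASSWORD_POLICY = [
    'user' => [
        '/^.{10,}$/su'  => 'at least 10 characters',
        '/\p{L}/u'      => 'at least one letter',
        '/\d/'          => 'at least one digit',
    ],
    'admin' => [
        '/^.{14,}$/su'  => 'at least 14 characters',
        '/\p{Ll}/u'     => 'at least one lowercase letter',
        '/\p{Lu}/u'     => 'at least one uppercase letter',
        '/\d/'          => 'at least one digit',
        '/[^\p{L}\d]/u' => 'at least one symbol',
    ],
];

/**
 * Returns the list of unmet requirements; an empty array means accepted.
 * Fails closed: an unknown role or a regex error rejects the password.
 */
function password_policy_violations(string $role, string $password): array
{
    if (!array_key_exists($role, PASSWORD_POLICY)) {
        return ["no policy defined for role '$role'"];
    }
    $violations = [];
    foreach (PASSWORD_POLICY[$role] as $pattern => $requirement) {
        $result = preg_match($pattern, $password);
        if ($result === false) {
            // preg_match() returns false on error (e.g. invalid UTF-8 with /u);
            // treat that as a rejection, never as a pass.
            $violations[] = "could not be checked: $requirement";
        } elseif ($result === 0) {
            $violations[] = $requirement;
        }
    }
    return $violations;
}

// Constructed sample inputs.
$samples = [['user', 'summer09'], ['user', 'correct horse 42'], ['admin', 'correct horse 42']];
foreach ($samples as [$role, $pw]) {
    $v = password_policy_violations($role, $pw);
    printf("%-5s %-18s %s\n", $role, $pw, $v ? 'REJECT: ' . implode('; ', $v) : 'ok');
}
```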




