Kolab/Horde password policy was Re: horde password setting max 8 characters

Gavin McCullagh gavin.mccullagh at gcd.ie
Fri Jul 16 15:12:12 CEST 2010


Hi,

On Fri, 16 Jul 2010, Gavin McCullagh wrote:

> Is there a document which describes the password policy somewhere?

Looking at the source code, it appears that the policy is:

  * strlen(password) >= $policy[minLength] (def: 3)
  * strlen(password) <= $policy[maxLength] (def: 8)
  * must contain at least $password_policy[minUpper] upper case  (def: 0)
  * must contain at least $password_policy[minLower] lower case  (def: 0)
  * must contain at least $password_policy[minNumeric] numerics  (def: 0)
  * must contain at least $password_policy[minAlpha] alphabet chars  (def: 0)
  * must contain at least $password_policy[minAlphaNum] alphanumerics  (def: 0)
  * must contain at least $password_policy[minClasses] classes of character  (def: 0)
  * must contain no more than $password_policy[maxSpace] whitespace characters (def: 0)

and 
  * password != userid
  * password != reverse(userid)
  * password != oldpassword
  * password != reverse(oldpassword)
  * @similar_text(newpassword,oldpassword,) < 80%
  * @similar_text(newpassword,userid,) < 80%

If nobody objects, I'll add this to the wiki.  It seems my password change
was failing based on similarity.

It would be better if the message delivered to the user said something
about similarity.  There's no way my password is easy to guess.

Gavin
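
The checks listed in the message above, sketched in PHP as an added example (not Horde's or Kolab's code, and not part of the original message), returning one reason per failed rule so that a similarity rejection is reported as such. The function name, the message wording and the four-way split of character classes are assumptions; the policy keys, defaults and the 80% threshold are the ones quoted above.

```php
<?php
// Added illustration; not Horde/Kolab code. Policy keys, defaults and the 80%
// threshold come from the message above; names and wording are hypothetical.
function check_password_policy(string $new, string $old, string $userid, array $policy = []): array
{
    $policy += ['minLength' => 3, 'maxLength' => 8, 'minUpper' => 0, 'minLower' => 0,
        'minNumeric' => 0, 'minAlpha' => 0, 'minAlphaNum' => 0, 'minClasses' => 0, 'maxSpace' => 0];
    $upper = preg_match_all('/[A-Z]/', $new);   // ASCII-only counts
    $lower = preg_match_all('/[a-z]/', $new);
    $num   = preg_match_all('/[0-9]/', $new);
    $space = preg_match_all('/\s/', $new);
    $other = strlen($new) - $upper - $lower - $num - $space;
    $have = [
        'minLength'   => strlen($new),
        'minUpper'    => $upper,
        'minLower'    => $lower,
        'minNumeric'  => $num,
        'minAlpha'    => $upper + $lower,
        'minAlphaNum' => $upper + $lower + $num,
        // Assumption: the classes are upper, lower, digit and "other".
        'minClasses'  => count(array_filter([$upper, $lower, $num, $other])),
    ];
    $errors = [];
    foreach ($have as $key => $count) {
        if ($count < $policy[$key]) {
            $errors[] = "$key: found $count, policy requires {$policy[$key]}";
        }
    }
    if (strlen($new) > $policy['maxLength']) {
        $errors[] = "longer than {$policy['maxLength']} characters";
    }
    if ($space > $policy['maxSpace']) {
        $errors[] = "more than {$policy['maxSpace']} whitespace characters";
    }
    // Identity, reversal and similarity against the user id and old password.
    foreach (['user id' => $userid, 'old password' => $old] as $label => $ref) {
        similar_text($new, $ref, $percent);
        if ($new === $ref) {
            $errors[] = "identical to $label";
        } elseif ($new === strrev($ref)) {
            $errors[] = "reverse of $label";
        } elseif ($percent >= 80) {
            $errors[] = sprintf('%.0f%% similar to %s', $percent, $label);
        }
    }
    return $errors;
}
// Constructed inputs: within the default length limits, rejected on similarity.
print_r(check_password_policy('Summer11', 'Summer10', 'gavin'));
```

The returned reasons never include the password itself, so they can be shown to the user or logged as they are.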





