Email passwords too simple

Hi

When creating or modifying an e-mail account, Is there a way to force users not to put a simple password? Is very usual that they put as password 12345 or the word before the @. Can we force them to create a password with minimum 8 characters and somo uppercase?

Thanks Ignacio

Status: 
Active

Comments

Howdy -- you can indeed setup password restrictions.

To do that, go into Webmin -> System -> Users and Groups -> Module Config -> Password Restrictions.

In there, you can set a minimum password length, amongst other restrictions.

Thanks!

Only rwo things:

1.- Prevent passwords from being the same as the username doesn´t work. 2.- Where does Virtualmin stores dictionary words?

Thanks Ignacio

Hmm, what is the username that you had problems with? I was going to do some testing with a similarly named user, and also test the username format.

Regarding the dictionary words -- it uses dictionary words installed on your system, that's typically either /usr/share/dict/words or /usr/dict/words, depending on your distribution.

I have the same problem with every user I create.

For example: User: ignaciom Pass ignaciom

It doesn´t prevent the user form being created. I have cheked the option in System -> Users and Groups -> Module Config -> Password Restrictions.

Thanks Ignacio

Hi Andrey

If I add words to /usr/share/dict/words (linux.words)... do I have to restart something? The words I have added can still be used as password.

Of course "Prevent passwords that contain the username" is checked.

Thanks Ignacio

Hmm, it sounds like what you're describing is that it allows you to create a user with those particular passwords.

Out of curiosity, if you log into Virtualmin as the user in question, and try to change your password to one that isn't allowed -- does it prevent that?

I'm wondering if maybe those rules are only applied during the change password process, and not the create user process.

I logged in as the user in question and I can change the password to anything I want, even if it is in the dictionary. I have set a minimun 8 characters password but I can modify it to les than 8.

Hi

The words I add to the dictionary in /usr/share/dict/linux.words are being ignored.

Is it possible that there´s another dictionary in other side?

Thanks. Ignacio

Sorry for the delay -- it definitely sounds like some things regarding the password restrictions aren't working properly. I'm going to work with Jamie to determine what's going on.

He's been traveling out of the country, but has just returned... we should be able to get his assistance with this shortly!

I think the problem here is that Virtualmin only looks at /usr/share/dict/words , and not linux.words .

I will fix this in the next Webmin release, but until then you should add to /usr/share/dict/words .

Hi Jamie

/usr/share/dict/words is a symlink pointing to linux.words.

New words are being ignored. Maybe I should restart some service?

No restart should be needed.

Is that file readable by all users, or only root?

Does it help if it is world-readable?

Also, in the file /etc/webmin/useradmin/config , does the line passwd_dict=1 exist?

Permitions is 644 The line passwd_dict=1 does exist.

If I try to put, for example, "delivery" as password the system actually prevents it. But it doesn´t prevent any of the words I add.

Ok, I found a bug that causes the username = password check to not be done properly. This will be fixed in the next Virtualmin release.

Great!

Other thing that is not working is preventing the password from being the same as the username. Do you prefer me to create another Issue with this?

Thanks Ignacio

No, that will be fixed in the next release as well..