Submitted by acid on Tue, 07/30/2013 - 10:36 Pro Licensee
Hi
When creating or modifying an e-mail account, Is there a way to force users not to put a simple password? Is very usual that they put as password 12345 or the word before the @. Can we force them to create a password with minimum 8 characters and somo uppercase?
Thanks Ignacio
Status:
Active
Comments
Submitted by andreychek on Tue, 07/30/2013 - 10:59 Comment #1
Howdy -- you can indeed setup password restrictions.
To do that, go into Webmin -> System -> Users and Groups -> Module Config -> Password Restrictions.
In there, you can set a minimum password length, amongst other restrictions.
Submitted by acid on Tue, 07/30/2013 - 11:57 Pro Licensee Comment #2
Thanks!
Only rwo things:
1.- Prevent passwords from being the same as the username doesn´t work. 2.- Where does Virtualmin stores dictionary words?
Thanks Ignacio
Submitted by andreychek on Tue, 07/30/2013 - 13:12 Comment #3
Hmm, what is the username that you had problems with? I was going to do some testing with a similarly named user, and also test the username format.
Regarding the dictionary words -- it uses dictionary words installed on your system, that's typically either /usr/share/dict/words or /usr/dict/words, depending on your distribution.
Submitted by acid on Wed, 07/31/2013 - 09:30 Pro Licensee Comment #4
I have the same problem with every user I create.
For example: User: ignaciom Pass ignaciom
It doesn´t prevent the user form being created. I have cheked the option in System -> Users and Groups -> Module Config -> Password Restrictions.
Thanks Ignacio
Submitted by acid on Wed, 07/31/2013 - 13:12 Pro Licensee Comment #5
Hi Andrey
If I add words to /usr/share/dict/words (linux.words)... do I have to restart something? The words I have added can still be used as password.
Of course "Prevent passwords that contain the username" is checked.
Thanks Ignacio
Submitted by andreychek on Wed, 07/31/2013 - 13:21 Comment #6
Hmm, it sounds like what you're describing is that it allows you to create a user with those particular passwords.
Out of curiosity, if you log into Virtualmin as the user in question, and try to change your password to one that isn't allowed -- does it prevent that?
I'm wondering if maybe those rules are only applied during the change password process, and not the create user process.
Submitted by acid on Wed, 07/31/2013 - 15:19 Pro Licensee Comment #7
I logged in as the user in question and I can change the password to anything I want, even if it is in the dictionary. I have set a minimun 8 characters password but I can modify it to les than 8.
Submitted by acid on Mon, 08/05/2013 - 09:52 Pro Licensee Comment #8
Hi
The words I add to the dictionary in /usr/share/dict/linux.words are being ignored.
Is it possible that there´s another dictionary in other side?
Thanks. Ignacio
Submitted by andreychek on Mon, 08/05/2013 - 13:01 Comment #9
Sorry for the delay -- it definitely sounds like some things regarding the password restrictions aren't working properly. I'm going to work with Jamie to determine what's going on.
He's been traveling out of the country, but has just returned... we should be able to get his assistance with this shortly!
Submitted by JamieCameron on Mon, 08/05/2013 - 14:42 Comment #10
I think the problem here is that Virtualmin only looks at /usr/share/dict/words , and not linux.words .
I will fix this in the next Webmin release, but until then you should add to /usr/share/dict/words .
Submitted by acid on Tue, 08/06/2013 - 09:31 Pro Licensee Comment #11
Hi Jamie
/usr/share/dict/words is a symlink pointing to linux.words.
New words are being ignored. Maybe I should restart some service?
Submitted by JamieCameron on Tue, 08/06/2013 - 17:00 Comment #12
No restart should be needed.
Is that file readable by all users, or only root?
Submitted by acid on Tue, 08/06/2013 - 20:52 Pro Licensee Comment #13
Only root!
Submitted by JamieCameron on Wed, 08/07/2013 - 00:07 Comment #14
Does it help if it is world-readable?
Also, in the file
/etc/webmin/useradmin/config, does the linepasswd_dict=1exist?Submitted by acid on Wed, 08/07/2013 - 11:36 Pro Licensee Comment #15
Permitions is 644 The line passwd_dict=1 does exist.
If I try to put, for example, "delivery" as password the system actually prevents it. But it doesn´t prevent any of the words I add.
Submitted by JamieCameron on Wed, 08/07/2013 - 14:22 Comment #16
Ok, I found a bug that causes the username = password check to not be done properly. This will be fixed in the next Virtualmin release.
Submitted by acid on Thu, 08/08/2013 - 16:14 Pro Licensee Comment #17
Great!
Other thing that is not working is preventing the password from being the same as the username. Do you prefer me to create another Issue with this?
Thanks Ignacio
Submitted by JamieCameron on Fri, 08/09/2013 - 01:17 Comment #18
No, that will be fixed in the next release as well..