Opened 8 years ago
Closed 8 years ago
#301 closed defect (fixed)
Minimum password length enforcement is inconsistent
| Reported by: | Lewis Rosenthal | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | Samba Server GUI Tools | Version: | Server 3.6.x |
| Keywords: | Cc: |
Description
During install, I created root with a 4-character password. I was also advised that at some point I should create a "user" user (predefined usernames are rarely a good thing, but we can have that discussion another day).
Later, I attempted to create a "user" user (in smbusers) with the same 4-character password, and was advised that the password was too short.
- I can find no setting in smbusers or in sscc to set a minimum password length.
- It seems oddly inconsistent that I was able to create a root password of only four characters, yet that is now too short for standard users, even when I have the null password option selected in sscc (Global, page 1).
Change History (3)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
While a password length of 4 is valid and possible at this point, Samba later enforces a minimum length of 5.
The behaviour of the password field has been changed to write letters in red as lang as 4 or less letters were entered. While it is still possible to create a 4 letter root password, the user is advised not to use this.
In case the user insists on the 4 letter password in sscc, he will still be barfed at smbusers to use 5 char password minimum length per default.
comment:3 by , 8 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
This is a known issue.
They set minimum password length to 5 some time back. This can be changed to 4 on the policy page in smbusers.
Anyway, should be made consistent.