Strong Password Suggestion.

ccto (Verified User, joined Feb 24, 2005, 290 messages, Hong Kong)

Hello DA Support,

Could DirectAdmin require users to use a strong password (e.g. the password must contain at least 1 capital letter and/or at least 1 numeric character)?

It applies to
- DirectAdmin user account
- FTP accounts
- Email accounts
- Email users changing their own password:
https://xx.xx.xx.xx:2222/CMD_CHANGE_EMAIL_PASSWORD
- MySQL password.

---

It would be nice if, say,
strong_password=1
is set in /usr/local/directadmin/conf/directadmin.conf,
then it will include an onSubmit-event JavaScript to check the user-input password complexity at the DA skin level.

---

We would like to prevent some users from entering too-simple passwords.

Thank you very much for your kind attention.
Regards,
 
Looking in
/usr/local/directadmin/conf/directadmin.conf
I don't see an enforce_difficult_passwords= line.
I even did a word search on the file so as not to miss it :confused:
I looked both in root and through the DA File Edit.
I like the idea of having strong passwords and also jmstacey's idea to display password strength (weak or strong).
I have some knowledge in modifying php to add extra features and would like to attempt this (also have a coder friend that guides me :) )


The info listed on helper is:
directadmin.conf option to allow enforcing users to use difficult password.
Option is:

enforce_difficult_passwords=1

The default is enforce_difficult_passwords=0, so this will not change anything unless you turn it on.

If enabled, all places that have users enter a new password will be enforced.

Locations that you enter a password but it's only for a password match are not enforced. Example, the cluster option requires a password for a remote server. This example would not be checked because it's up to the other box to use difficult passwords.

The password checking script is:
/usr/local/directadmin/scripts/difficult_password.php
If you wish to make changes to it, copy it to:
/usr/local/directadmin/scripts/custom/difficult_password.php

The default enforcements are:
- Both upper and lower case.
- Must include numbers.
- Must be 6 or more characters long.

There is also a commented-out check which you can enable, to require users to include "shift characters", like !@#$, etc.
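
The default rules quoted above, written as a stand-alone PHP check. This is an added example, not part of the original posts and not DirectAdmin's own difficult_password.php; the function name check_password, its $require_special flag and the sample passwords are assumptions made for illustration.

```php
<?php
// Added example: mirrors the rules quoted from the helper text.
// check_password() and $require_special are hypothetical names; they are
// not taken from DirectAdmin's difficult_password.php.

function check_password(string $password, bool $require_special = false): array
{
    $failures = [];

    // "Must be 6 or more characters long." (strlen counts bytes)
    if (strlen($password) < 6) {
        $failures[] = 'must be 6 or more characters long';
    }
    // "both upper and lower case"
    if (!preg_match('/[a-z]/', $password)) {
        $failures[] = 'must include a lower case letter';
    }
    if (!preg_match('/[A-Z]/', $password)) {
        $failures[] = 'must include an upper case letter';
    }
    // "Must include numbers"
    if (!preg_match('/[0-9]/', $password)) {
        $failures[] = 'must include a number';
    }
    // Optional rule, off by default: "shift characters, like !@#$".
    // Assumption: any ASCII punctuation character satisfies it.
    if ($require_special && !preg_match('/[[:punct:]]/', $password)) {
        $failures[] = 'must include a shift character such as !@#$';
    }

    // An empty array means the password passed every enabled rule.
    return $failures;
}

// Constructed sample passwords, checked with and without the optional rule.
$samples = ['abc', 'password', 'Password', 'Passw0rd', 'Passw0rd!'];
foreach ($samples as $candidate) {
    foreach ([false, true] as $special) {
        $failures = check_password($candidate, $special);
        $verdict  = $failures ? 'REJECT: ' . implode('; ', $failures) : 'ok';
        printf("%-10s special=%d  %s\n", $candidate, (int) $special, $verdict);
    }
}
```

With the optional rule off, only Passw0rd and Passw0rd! are accepted; with it on, only Passw0rd! is.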
 
It's not there by default; by default it works as =0. If you want it to work as =1, you add the entire line:
Code:
enforce_difficult_passwords=1
Don't forget to make sure you're at least at version 1.33.

Jeff
 
Thanks Jeff, I was thinking "After" I posted that perhaps its default would be no line and not the line with 0 as turned off.
But now I am assured.
Thanks a million :)
 