[prev in list] [next in list] [prev in thread] [next in thread]
List: kolab-devel
Subject: Re: [Kolab-devel] custom Kolab 2.2 patch adding new features for
From: Martin Zapfl <mailinglists () tbits ! net>
Date: 2009-03-10 12:56:24
Message-ID: 200903101356.24905.mailinglists () tbits ! net
[Download RAW message or body]
On Tuesday 10 March 2009 01:45:55 pm Martin Konold wrote:
> Am Dienstag, 10. März 2009 10:36:15 schrieb Martin Zapfl:
> > This is just a security feature for webadmin. As access to kolab webadmin
> > may be public a login with e-mail address and weak password for others is
> > possible. Therefor login access may be restricted for logging in only
> > with UID.
> >
> > It can be enabled or disabled in
> > /kolab/var/kolab/php/admin/include/config.php
>
> So the idea is that it is easier to guess the email address than the uid
> which is supposed to provide extra security?
Yes, the idea is to protect users with a weak password.
>
> (Actually the security should be gained by a hard to guess password(*)
> instead of a hard to guess uid/email-address!?)
In fact the patch also includes the possibility to force strong passwords for
users and/or admins by checking the passwords against regular expressions.
They can be configured under setttings.
>
> Regards,
> -- martin
> (*) I would prever a patch which helps to enforce strong passwords compared
> to the feature to "disable email-address" for login.
_______________________________________________
Kolab-devel mailing list
Kolab-devel@kolab.org
https://kolab.org/mailman/listinfo/kolab-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic