Hi, On Sonntag, 10. Januar 2010, Klaus Ade Johnstad wrote: > > 1.) Using LWAT: I can't change 'manual' the password of a user. When > > I search user, click on it and press the button 'New Password', an > > textfield appears, propose me a new password. But I can't change the > > password, because editing is disabled (grey coloured, like the field > > 'username'). But this was possible using etch. Is this a bug or a > > feature? > This is a feature, most sysadmins can't set proper secure passwords :-)
Aehm, no. The passwords generated by lwat per default are very simple ones,
suited for children 3-6 of age, at maximum.
Just last week there was a teacher in #debian-edu whose account was repeatetly
compromised, most probably due to using weak passwords generated by lwat. At
least he didnt come back after I suggested to use a password generated
with "pwgen -s 12" :-)
Also see "#457840 please provide alternative pwgen function in lwat".
IMO we (=Debian Edu) should change the behaviour of (upstream) lwat, that is
to set $allowPwSet = true by default.
cheers,
Holger
signature.asc
Description: This is a digitally signed message part.
