Hello, I know that enforcing compliance with a specific password policy is controversial and I have no intention of entering a discussion about the usefulness, technical merits or desirability of password policies here: we currently have a compulsory password policy for all our institutes - this is simply the legal situation. -
We have added a few lines of PHP-code to our OwnCloud installation (current release) so that our setup only accepts new passwords that are at least 8 characters long and use a mixture of digits, upper- and lowercase letters in addition to "special" characters like ",", ";", "&", etc. The attached screen shot shows that the error message reflects in what way a new password does not comply with the MPS password policy (here: two criteria of the policy are not met). We have made a few small changes here: core/lostpassword/controller.php and here: core/lostpassword/templates/resetpassword.php and are happy to share that code. It is very simple to implement variations e.g. a policy that only ensures new passwords have a certain minimum length. Warm regards, Stefan -- Dr. Stefan Vollmar, Dipl.-Phys. Head of IT group Max-Planck-Institut für neurologische Forschung Gleueler Str. 50, 50931 Köln, Germany Tel.: +49-221-4726-213 FAX +49-221-4726-298 Tel.: +49-221-478-5713 Mobile: 0160-93874279 E-Mail: [email protected] http://www.nf.mpg.de
<<inline: nf-pw-comp-f.jpg>>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
