ISPConfig 3.0.5.4p1, Debian Squeeze (6.0.9) I have set our password strength to strong and password length to 8, but the password generator for DB, FTP and other still suggests passwords under strength and below 8 characters. Is this a bug in ISPConfig and/or something I can fix myself?
Click on reload in your browser to reload the ispconfig interface. the password generator is a javascript program, your browser has cached the old strength settings.
Hi and thanks for the fast reply. Yes the password length is now up where it should be, but password strength is still not where it should be, suggesting 'Good' when I specified 'Strong'.
Yes, your right. sometimes there is a password with just good strength. I've added this to the bugtracker.
I've run across this issue as well. Is there a way to modify what the password generator will generate? Can we specify that it should include at least 2 special characters as well? Thanks!
Hi, I'm using 3.0.5.4p5 and just tested the password-recovery. The minimum password length is set to 12 and the strenght to very strong. But the password in the reset-e-mail is just 8 letters. Can you reproduce that? Is there a quick way to fix this?
Thanks for the report. There is no quick fix yet, but we'll try to create a patch during the next days.
We had a nice idea as workaround. We concat three of these 8-letter passwords, send these by mail, and so it's very likely that the customer will change the password afterwards. And then he gets the right strength and lenght. Since it's also not perfect to send passwords by mail, it's a nice way of "forcing" the customer to change the password by himself.
You can try the attached patch, but please make a backup of the interface/lib/classes/auth.inc.php and interface/web/login/password_reset.php before applying it. You can apply by: Code: cd /usr/local/ispconfig patch -p0 < /path/to/downloaded_patch/lostpw_patch.txt Use at your own risk, as it is an unreleased patch.