[rt-users] p*a*s*s*w*o*r*d quality enforcement?

Matt Zagrabelny mzagrabe at d.umn.edu
Fri Jul 17 10:05:49 EDT 2015


On Fri, Jul 17, 2015 at 6:55 AM, Václav Ovsík <vaclav.ovsik at i.cz> wrote:
> Hi,
> is there any way to set password quality enforcement better then its
> minimal length ($MinimumPasswordLength)?

There is a BeforeUpdate callback in
share/html/Admin/Users/Modify.html. Without looking deeper at the code
I don't know if that will also catch "new" user creation.

You'd have to write a little bit of code and put it in the callback
and fail accordingly if the password didn't meet your requirements.

> I mean something like
>  http://sourceforge.net/projects/cracklib
>  http://www.openwall.com/passwdqc/
> or so.
>
> Tried Anyone John The Ripper successfully with RT password hashes?

We use an SSO in front of RT - so no need to have local hashes.

-m



More information about the rt-users mailing list