[rt-users] [Warning: Phish?] Re: p*a*s*s*w*o*r*d quality enforcement?
Matt Zagrabelny
mzagrabe at d.umn.edu
Wed Jul 22 09:34:04 EDT 2015
Hey!
On Wed, Jul 22, 2015 at 8:23 AM, Václav Ovsík <vaclav.ovsik at i.cz> wrote:
> Uhm. Seems to me better to include this into RT::User::ValidatePassword
> I tried this right now and seems to be OK (RT version 4.2.11).
> I did a copy of lib/RT/User.pm into local/lib/RT/User.pm and patch it:
>
> commit 96c1079c7efcda70cb0467e5a331c29b6a4a5305
> Author: Vaclav Ovsik <vaclav.ovsik at i.cz>
> Date: Wed Jul 22 14:26:35 2015 +0200
>
> hack ValidatePassword 2/2: cracklib test
>
> diff --git a/local/lib/RT/User.pm b/local/lib/RT/User.pm
> index e65478d..627ce75 100644
> --- a/local/lib/RT/User.pm
> +++ b/local/lib/RT/User.pm
> @@ -304,6 +304,11 @@ sub ValidatePassword {
> return ( 0, $self->loc("Password needs to be at least [quant,_1,character,characters] long", RT->Config->Get('MinimumPasswordLength')) );
> }
>
> + require Crypt::Cracklib;
> + if ( ! Crypt::Cracklib::check($password) ) {
> + return ( 0, $self->loc("Password is too weak (cracklib test)") );
> + }
> +
> return 1;
> }
>
> This is very simple (requires perl CPAN module Crypt::Cracklib). Can it
> be a feature request? :)
I don't know about that. Just a comment on your implementation:
You don't need to copy the whole file. You can overlay just the
subroutine you'd like:
package RT::Site::YourOrg
# any customizations you'd like
# Switch namespace to redefine ValidatePassword
package RT::User;
use strict;
no warnings qw(redefine);
sub ValidatePassword {
# blah
}
1;
Then make sure your module is loaded in your SiteConfig:
Plugin('RT::Site::YourOrg");
-m
More information about the rt-users
mailing list