[rt-users] [Warning: Phish?] Re: p*a*s*s*w*o*r*d quality enforcement?

Matt Zagrabelny mzagrabe at d.umn.edu
Wed Jul 22 09:34:04 EDT 2015


Hey!

On Wed, Jul 22, 2015 at 8:23 AM, Václav Ovsík <vaclav.ovsik at i.cz> wrote:

> Uhm. Seems to me better to include this into RT::User::ValidatePassword
> I tried this right now and seems to be OK (RT version 4.2.11).
> I did a copy of lib/RT/User.pm into local/lib/RT/User.pm and patch it:
>
> commit 96c1079c7efcda70cb0467e5a331c29b6a4a5305
> Author: Vaclav Ovsik <vaclav.ovsik at i.cz>
> Date:   Wed Jul 22 14:26:35 2015 +0200
>
>     hack ValidatePassword 2/2: cracklib test
>
> diff --git a/local/lib/RT/User.pm b/local/lib/RT/User.pm
> index e65478d..627ce75 100644
> --- a/local/lib/RT/User.pm
> +++ b/local/lib/RT/User.pm
> @@ -304,6 +304,11 @@ sub ValidatePassword {
>          return ( 0, $self->loc("Password needs to be at least [quant,_1,character,characters] long", RT->Config->Get('MinimumPasswordLength')) );
>      }
>
> +    require Crypt::Cracklib;
> +    if ( ! Crypt::Cracklib::check($password) ) {
> +        return ( 0, $self->loc("Password is too weak (cracklib test)") );
> +    }
> +
>      return 1;
>  }
>
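
Review bot: the added "require Crypt::Cracklib;" inside ValidatePassword has no failure handling. If the module is missing or fails to load, the require dies in the middle of a password change instead of returning ( 0, message ) the way the length check just above it does. Wrap the load in eval { require Crypt::Cracklib; 1 } and make an explicit choice between rejecting the password and skipping the test when the checker is unavailable, logging either way. Separately, the fixed text "Password is too weak (cracklib test)" gives the user no hint about what to change; consider a message that states the actual reason for rejection.
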
> This is very simple (requires perl CPAN module Crypt::Cracklib). Can it
> be a feature request? :)

I don't know about that. Just a comment on your implementation:

You don't need to copy the whole file. You can overlay just the
subroutine you'd like:

package RT::Site::YourOrg;

# any customizations you'd like

# Switch namespace to redefine ValidatePassword
package RT::User;

use strict;
no warnings qw(redefine);

sub ValidatePassword {
# blah
}

1;

Then make sure your module is loaded in your SiteConfig:

Plugin('RT::Site::YourOrg');

-m
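
Added example, not part of the original messages and not RT's own code: one way to fill in the overlay sketched above so that the stock ValidatePassword is wrapped rather than copied, with the Crypt::Cracklib load guarded. RT::Site::YourOrg is the placeholder name from the message; the fail-closed behaviour, the log text and the "unavailable" message are assumptions made for this example.

```perl
# Added example: RT::Site::YourOrg is a placeholder module name.
package RT::Site::YourOrg;

use strict;
use warnings;

require RT::User;    # make sure the stock method exists before wrapping it

# Load Crypt::Cracklib once, when the plugin loads, and remember the outcome.
my $have_cracklib = eval { require Crypt::Cracklib; 1 };
my $load_error    = $@;

# Keep a reference to the stock method so its own checks (such as
# MinimumPasswordLength) keep running unchanged across RT upgrades.
my $stock = \&RT::User::ValidatePassword;

{
    no warnings 'redefine';
    *RT::User::ValidatePassword = sub {
        my $self     = shift;
        my $password = shift;

        # Run RT's own validation first and pass its error through.
        my ( $ok, $msg ) = $stock->( $self, $password );
        return ( 0, $msg ) unless $ok;

        # Assumption for this example: fail closed. A missing checker
        # rejects the change instead of silently accepting any password.
        unless ($have_cracklib) {
            RT->Logger->error("Crypt::Cracklib unavailable: $load_error");
            return ( 0, $self->loc("Password quality check is unavailable") );
        }

        # Same call and message as the patch quoted above.
        unless ( Crypt::Cracklib::check($password) ) {
            return ( 0, $self->loc("Password is too weak (cracklib test)") );
        }

        return 1;
    };
}

1;
```

The module is still enabled with the Plugin(...) line shown above.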


