This is a comment on How is minimum user password length determined?, posted by WikiAdmin at 21.12.2024 07:58

View source for Re: How is minimum user password length determined?

Hi WikiAdmin :-)

There seems to be a more fundamental issue occurring. I'm using the Admin panel now and Wacko will not save a change to "Minimum password length" from 10 to 8, the "tooltip"(?) reports the "Value must be greater than or equal to 10." (changing the value to 8 and clicking [Save] results in the cursor being positioned in the field and the tooltip being displayed).

I presume there must be a hard-coded minimum of 10 characters to protect users from themselves. Do I understand correctly? I would like to intentionally allow 8-character passwords with no security check, no email confirmation, no captcha, etc. Is there a file I can manually edit to allow 8-character passwords?

https://i.imgur.com/QNxpcRQ.png

Re admin not being able to change a user password...  I noted this simply as an inconsistency - that if the admin could specify the password for a new user, why can they not change the password of an existing user?

However, I agree the password recovery process could not be used if it requires the user to have access to the email account in their profile, and the admin being able to change the password would be a solution. Another use case might be to change the password if the user has locked themselves out by entering a bad password too many times (if enabled), or in environments in which the admin controls the passwords. I can't say if this feature "should" be added but IMHO it would improve general admin management and certainly be appreciated when and if needed.

Btw, is authentication via LDAP supported? (which would of course change workflows related to passwords). IIUC, I found this patch in the forum, but from the call for help I'm guessing it works for v4.3 but not v6.x. ((/Dev/PatchesHacks/LDAPGroups))