[sork] string length

Eric Rostetter eric.rostetter@physics.utexas.edu
Tue, 2 Jul 2002 16:27:46 -0500


I've implemented code in CVS HEAD to do password checks.  This is probably
a "good thing" as the ldap code has no way to test for good passwords, so
adding this is great for ldap users even if useless for e.g. poppassd users
like myself.  By putting it in main.php it will enforce minimum checks for
all backends (poppassd, ldap, smbpasswd, etc) and then the backends can
enforce additional checks if desired.

The checks available, which all ship disabled, are:

1) Min password length
2) Max password length
3) Simple (very simple) password strength testing

It does not check for empty/null passwords -- instead just set the minimum
value to something >=1 for this ;)

I've still got commented out code in there to check the password with the
current Horde login password, but have not yet implemented (uncommented) it.
I agree to some extent with Leena Heino who says:

> Feature requests:
> - As one can get users' old password quite easily then, then check
> whether this is users login password within password module. This allows
> error message to be printed within password module and therefore
> it can be localized.

Localization here might be a good thing.  Comments from anyone on this
(Chuck?).

I did not use Leena Heino's patch.  This means that the code is 100%
different, and that the error cascading is still intact. How do others
feel about the cascading error messages?

I've also not yet ported this back to the RELENG_2 version...

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

"TAD (Technology Attachment Disorder) is an unshakable, impractical devotion
to a brand, platform, product line, or programming language. It's relatively
harmless among the rank and file, but when management is afflicted the damage
can be measured in dollars. It's also contagious -- someone with sufficient
political clout can infect an entire organization."

--"Enterprise Strategies" columnist Tom Yager.
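
Added example, not part of the original message and not the code committed to CVS: a PHP sketch of front-end checks of the kind described above, run before any backend is called, showing that with every check disabled an empty password passes until the minimum length is set to 1 or more. The config keys, the function name and the character-class strength rule are assumptions; the message does not say how its strength test works.

```php
<?php
// Added illustration; hypothetical names throughout, not the passwd module's code.
// Assumed convention: a value of 0 means "check disabled", mirroring checks
// that all ship disabled.
$shipped = ['min_length' => 0, 'max_length' => 0, 'min_classes' => 0];

/**
 * Front-end checks applied before any backend (poppassd, ldap, smbpasswd, ...)
 * sees the new password. Returns a list of error strings; an empty list means
 * the password may be passed on to the backend, which can add its own checks.
 */
function check_new_password(string $new, array $conf): array
{
    $errors = [];
    $len = strlen($new); // byte length, not character count, for multibyte input

    if ($conf['min_length'] > 0 && $len < $conf['min_length']) {
        $errors[] = sprintf('Password must be at least %d characters.', $conf['min_length']);
    }
    if ($conf['max_length'] > 0 && $len > $conf['max_length']) {
        $errors[] = sprintf('Password must be at most %d characters.', $conf['max_length']);
    }
    if ($conf['min_classes'] > 0) {
        // Assumed "very simple" strength rule: count the character classes used.
        $classes = 0;
        foreach (['/[a-z]/', '/[A-Z]/', '/[0-9]/', '/[^a-zA-Z0-9]/'] as $re) {
            $classes += preg_match($re, $new);
        }
        if ($classes < $conf['min_classes']) {
            $errors[] = sprintf('Password must use at least %d kinds of characters.', $conf['min_classes']);
        }
    }
    return $errors;
}

// Constructed sample inputs, checked against three configurations.
$min_only = ['min_length' => 1, 'max_length' => 0, 'min_classes' => 0];
$enabled  = ['min_length' => 8, 'max_length' => 64, 'min_classes' => 3];

foreach (['', 'abc', 'Tr1cky-enough'] as $pw) {
    printf(
        "%-16s shipped: %d error(s)  min=1: %d error(s)  enabled: %d error(s)\n",
        var_export($pw, true),
        count(check_new_password($pw, $shipped)),
        count(check_new_password($pw, $min_only)),
        count(check_new_password($pw, $enabled))
    );
}
```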