Possible issue with password quality settings in SSP 1.6 #928
Comments
|
Please set |
|
Okay... so, if I set $pwd_min_length = 10, I get the "insufficient quality" error in the browser, but no entries in audit.log from those attempts. If I set it to 0, then I'll get an "ldaperror" from my #918 problem. I tried the F12 developer console in my browser, but wasn't seeing any errors being thrown out. Regardless of the setting, I am getting a Smarty error in the error.log of Nginx whenever I do try to do a password reset. I don't think its the cause of the quality check error, but might be useful as a data point.
|
|
Check the error log (depending on your installation, in Apache log or PHP FPM log) Audit log is only here to trace events |
|
There is nothing in the PHP FPM or Nginx logs that correlates to my attempts at a reset with the check enabled. |
Hey all. Per mention in #918, whenever I have the config.inc.local.php file set to use any password quality values (length or special chars), it declines the new password with a "Insufficient quality" error. Digging into the code, I believe the error is tied to behavior in lib/functions.inc.php or htdocs/js/ppolicy.js. I had SonarLint installed, and it found a number of warnings with the code in regards to boolean condition matching; test editing to resolve most of those issues did not change the situation. $pwd_check_entropy is set to false in the config file, so ZXCVBN shouldn't be a factor here.
SSP 1.6 using Debian 12 package install
The text was updated successfully, but these errors were encountered: