Clément "KPTN" OUDOT
PAM-LDAP is compatible with password policy, this is why it works. PHP-LDAP is not. Your implementation proposition is good, except that checking pwdLockoutDuration is not necessary: if the account is...
We now have ppolicy control support (#156), but we only catch modification issues (password too short, too weak, in history). We could also display if password is expired or account...
Yes, we could indeed use a simple text file as a blacklist, this file could then be updated by any means outside SSP. We can provide a simple blacklist at...
Cracklib usage can be another feature. By the way, the support of cracklib in PHP seems experimental: http://php.net/manual/en/ref.crack.php
Indeed, sorry, I did not see the previous link. If some of you want to propose some code, I'll be happy to review it.
Thanks a lot for this work. Seems we can choose to use grep with escapeshell functions in order to have some security when invoking the command. And this feature will...
@r2evans there is no docker image but it should be easy to build one. Anyway you can use any virtualization tool and install SSP with packages. You need a simple...
Someone told me about [passwdqc](http://openwall.com/passwdqc/), and here is a PHP implementation: https://github.com/helver/PHP_passwdqc_check/blob/master/PHP_passwdqc_check/PasswordStrengthTest.inc They provide a 4k words list and use PHP array methods to check it. Not sure it's the...
See also https://github.com/bjeavons/zxcvbn-php
Interesting feature! Should not be too difficult to implement, but for the moment I don't set it to 1.1 because we still have a lot of things to do.