MinPasswordLength Not Working

Thomas_Simmons1 · August 16, 2012, 2:02pm

Hello,

I am unable to get minimum password length enforcement working on a new 4.0.4 install. I have added:

Set($MinPasswordLength , ‘10’);

Thomas_Simmons1 · August 16, 2012, 2:17pm

Apologies, my message was sent before I finished it.

I am unable to get minimum password length enforcement working on a new 4.0.4 install. I have added:

Set($MinPasswordLength , ‘10’);

to my RT_SiteConfig.pm, stopped Apache, cleared the mason cache and restarted Apache, however the new settings do not take effect. RT still accepts a 5 character password and if I try a password with less than 5 characters, RT still states the minimum length is still 5.

While searching online, I found this old thread where someone was experiencing the same problem with 3.8.2.
http://old.nabble.com/MinPasswordLength-and-additional-password-rules-td23560536.html

Can someone advise - is this a long-standing bug? Was support for MinPasswordLength removed at some point? I appreciate any input.

Thanks,
ThomasFrom: Thomas Simmons
Sent: Thursday, August 16, 2012 10:03 AM
To: ‘rt-users@lists.bestpractical.com’
Subject: MinPasswordLength Not Working

Hello,

I am unable to get minimum password length enforcement working on a new 4.0.4 install. I have added:

Set($MinPasswordLength , ‘10’);

Kevin_Falcone · August 16, 2012, 5:04pm

I am unable to get minimum password length enforcement working on a new 4.0.4 install. I have
added:

Set($MinPasswordLength , ‘10’);

to my RT_SiteConfig.pm, stopped Apache, cleared the mason cache and restarted Apache, however
the new settings do not take effect. RT still accepts a 5 character password and if I try a
password with less than 5 characters, RT still states the minimum length is still 5.

While searching online, I found this old thread where someone was experiencing the same
problem with 3.8.2.

[1]http://old.nabble.com/MinPasswordLength-and-additional-password-rules-td23560536.html

Can someone advise - is this a long-standing bug? Was support for MinPasswordLength removed at
some point? I appreciate any input.

The config option is called MinimumPasswordLength, not
MinPasswordLength. It works fine for me.

-kevin

Paul_Tomblin · August 16, 2012, 5:08pm

The config option is called MinimumPasswordLength, not
MinPasswordLength. It works fine for me.

And just as an aside, if you force your users to use 10 character
passwords, I can guarantee that most of them will have them written down
on a post-it note, either right on their screen, or under their desk
drawer. Hackers know this. Heck, even janitors know this.

http://www.linkedin.com/in/paultomblin
http://careers.stackoverflow.com/ptomblin

Thomas_Simmons1 · August 16, 2012, 6:08pm

Thank you, Kevin. That works!

All of the documentation I found stated MinPasswordLength. Do you have the ability to correct this information on the page below? The first one looks like it was last updated by you, but it’s “wiki-archive”, so I don’t know if it can be updated at all?

http://wiki-archive.bestpractical.com/view/SiteConfig/4819

Also here (I don’t know if this is “Official RT documentation”)

http://requesttracker.wikia.com/wiki/SiteConfig

And there is this random page?

http://requesttracker.wikia.com/wiki/MinPasswordLength

Again, thanks for your help.-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Thursday, August 16, 2012 1:05 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] MinPasswordLength Not Working

On Thu, Aug 16, 2012 at 02:17:49PM +0000, Thomas Simmons wrote:

I am unable to get minimum password length enforcement working on a new 4.0.4 install. I have
added:

Set($MinPasswordLength , ‘10’);

to my RT_SiteConfig.pm, stopped Apache, cleared the mason cache and restarted Apache, however
the new settings do not take effect. RT still accepts a 5 character password and if I try a
password with less than 5 characters, RT still states the minimum length is still 5.

While searching online, I found this old thread where someone was experiencing the same
problem with 3.8.2.

[1]http://old.nabble.com/MinPasswordLength-and-additional-password-rul
es-td23560536.html

Can someone advise - is this a long-standing bug? Was support for MinPasswordLength removed at
some point? I appreciate any input.

The config option is called MinimumPasswordLength, not MinPasswordLength. It works fine for me.

-kevin

Kevin_Falcone · August 20, 2012, 2:35pm

All of the documentation I found stated MinPasswordLength.

The official documentation that ships with RT is
/opt/rt4/etc/RT_Config.pm for config options.

Do you have the ability to correct this information on the page below?
The first one looks like it was last updated by you, but it’s “wiki-
archive”, so I don’t know if it can be updated at all?

http://wiki-archive.bestpractical.com/view/SiteConfig/4819

As you noted, this is old and out of date

Also here (I don’t know if this is “Official RT documentation”)

http://requesttracker.wikia.com/wiki/SiteConfig

http://requesttracker.wikia.com/wiki/MinPasswordLength

These can both be updated by anyone since they’re wiki pages.
You don’t even need to make a wikia account to fix them.

-kevin