• User password problem

    From Mark i@VERT to All on Tue May 24 09:05:21 2022
    Hello. Can someone please tell me where I can find the setting for the user password length and requirements?

    My new users try to sign up when they get to creating their own password it keeps coming up the "password to obvious" message no matter what they enter. They end up dropping carrier.

    How can I change that so they can enter any password they want. I can't find it in BBS config

    Thanks
    Mark

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Andre@VERT/RDOMENTR to Mark i on Tue May 24 12:17:24 2022
    Re: User password problem
    By: Mark i to All on Tue May 24 2022 09:05 am

    How can I change that so they can enter any password they want. I can't find it in BBS config

    Tell them to stop trying to use 1234, 4321, ABCD, or ZYXW. Or change the hardcoded checks for that.


    - Andre

    ---
    þ Synchronet þ Radio Mentor BBS - bbs.radiomentor.org
  • From Mark i@VERT to Andre on Tue May 24 10:53:36 2022
    Hi. They are not using those passwords . I tried using my daughters middle name and birth date. Then just random numbers. Still get the message.

    Do you know where the hard coding is? Which file?

    Thanks

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Digital Man@VERT to Mark i on Tue May 24 12:09:48 2022
    Re: User password problem
    By: Mark i to All on Tue May 24 2022 09:05 am

    Hello. Can someone please tell me where I can find the setting for the user password length and requirements?

    SCFG->System:
    Users Can Change Password Yes, 4 chars minimum

    Also, the file text/password.can


    My new users try to sign up when they get to creating their own password it keeps coming up the "password to obvious" message no matter what they enter. They end up dropping carrier.

    How can I change that so they can enter any password they want. I can't find it in BBS config

    Some obvious passwords are always disallowed from str.cpp->sbbs_t::chkpass(). Here's that logic:

    if((unique && user->pass[0]
    && (strstr(pass,user->pass) || strstr(user->pass,pass)))
    || (name[0]
    && (strstr(pass,name) || strstr(name,pass)))
    || strstr(pass,alias) || strstr(alias,pass)
    || strstr(pass,first) || strstr(first,pass)
    || (last[0]
    && (strstr(pass,last) || strstr(last,pass)))
    || strstr(pass,handle) || strstr(handle,pass)
    || (user->zipcode[0]
    && (strstr(pass,user->zipcode) || strstr(user->zipcode,pass)))
    || (sysname[0]
    && (strstr(pass,sysname) || strstr(sysname,pass)))
    || (sysop[0]
    && (strstr(pass,sysop) || strstr(sysop,pass)))
    || (cfg.sys_id[0]
    && (strstr(pass,cfg.sys_id) || strstr(cfg.sys_id,pass)))
    || (cfg.node_phone[0] && strstr(pass,cfg.node_phone))
    || (user->phone[0] && strstr(user->phone,pass))
    || !strncmp(pass,"QWER",3)
    || !strncmp(pass,"ASDF",3)
    || !strncmp(pass,"!@#$",3)
    )
    {
    bputs(text[PasswordObvious]);
    return(false);
    }
    --
    digital man (rob)

    This Is Spinal Tap quote #42:
    What day the Lord created Spinal Tap and couldn't he have rested on that day? Norco, CA WX: 76.0øF, 56.0% humidity, 8 mph SSE wind, 0.00 inches rain/24hrs ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net