I have set a password policy in both Samba and UCR which requires an uppercase letter, a lowercase letter, a number and a special character. When I now click on Change Password in the Univention Portal, the password is accepted even if only three of these guidelines are met. However, I want all four to be fulfilled.
This is not a mistake but therefore justified that the Self-Service Portal authenticate against Samba in the background and with samba we are “only” Microsoft Windows AD compatible. Microsoft defines it like this:
“Passwords must contain characters from three of the following five categories”
- Uppercase characters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
- Lowercase characters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
- Base 10 digits (0 through 9)
- Nonalphanumeric characters:
- Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.
Please read also: How-to: Align Password Policies across Directory Services