Problem: Password complexity is not met

Problem

I have set a password policy in both Samba and UCR which requires an uppercase letter, a lowercase letter, a number and a special character. When I now click on Change Password in the Univention Portal, the password is accepted even if only three of these guidelines are met. However, I want all four to be fulfilled.

Solution

This is not a mistake but therefore justified that the Self-Service Portal authenticate against Samba in the background and with samba we are “only” Microsoft Windows AD compatible. Microsoft defines it like this:

Passwords must contain characters from three of the following five categories

  • Uppercase characters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
  • Lowercase characters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
  • Base 10 digits (0 through 9)
  • Nonalphanumeric characters: ~!@#$%^&*_-+=|(){}[]:;"’<>,.?/[`
  • Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.

Further Information

:uk:

:de:

Please read also: How-to: Align Password Policies across Directory Services

Mastodon