Password complexity regex

A couple of questions,

1. If I’m authenticating my users via the UNIX authentication on their user settings do I need to change anything about the module config for the ‘Users and Groups’ module in the " Password restrictions" section? To clarify, I know how to make the manual config file changes for the OS to set things like required upper and lower case, special characters etc… min length etc…

2. I do not fully understand if webmin authentication acts completely independently of the OS similarly to how 2FA works in webmin? 2FA auth works differently from the JumpCloud 2FA agent I have installed for the tty/ssh based functionality. I need to understand this because if they do operate independently of each other then I’d need to configure this in both the system and on the webmin in the form of a regex.

3. I looked around and was wondering, would this work on perl for a password complexity regex?
   ^(?=.{10,})(?=.[A-Z])(?=.[a-z])(?=.[0-9])(?=.[^A-Za-z0-9]).*$

At the moment it is only possible to use external password-checking program configured on System ⇾ Users and Groups ⇾ Configuration: Password restrictions page.

Webmin can use system authentication (based on using /etc/shadow) or internal (based on /etc/webmin/miniserv.users).

Webmin can set separate (from system) user password using Webmin ⇾ Webmin Configuration: Edit Webmin User page. For this kind of authentication, Webmin hashing format can be configured using Webmin ⇾ Webmin Configuration: Authentication page.

I looked around and was wondering, would this work on perl for a password complexity regex?
^(?=.{10,})(?=.[A-Z])(?=.[a-z])(?=.[0-9])(?=.[^A-Za-z0-9]).*$

Yes, as we already have a facility for this. However, there is no straightforward way of doing this right now and would require using external password-checking program.

I will add this to my feature request list.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.