@giacomo That’s nice if the code can be imported as a core feature, no problem with that…I’m only wondering wich core rpm you want that I do a pull request ???
nethserver-password-PassExpires2yes-conf : If the code become a core feature then it needs to be integrated to anterior actions of events (user-modify and user-create). I prefer that the property ‘PassExpire’ is set to yes for each user, it is more clear.
The colouration, why not, no idea on how to do that, but seriously how much admins, do you think, will keep a strong passwordstrengh. I want to bet that a lot will set quickly to none. Maybe It is needed an intermediate level like it exists with SME Server.
The low level of Ibays password for the http access, makes me some interrogations. I do not understand why ? Moreover I would be happy if we can add some users and groups access to ibays with apache. I do love Webdav.
@alefattorini I’m not really enthusiast about a webui for importing users from csv files. Of course that can be done, but I don’t see a real value to a webUI like that. In fact it is destined to sysadmin, and IMHO, they have to use the command line for these tasks. Most of time, it is needed just one time per year, so…
In fact I would be more interested by a module with ddclient…I looked a bit and It could be relatively easy with nethserver-hosts. Either I could fork it, or doing a pull request.
We will add your package among the core packages, maybe directly inside nethserver-iso yum group.
It’s not necessary to have an explicit property. I would like to propose “Yes” as default inside the User configuration page. So each new user will have PassExpire set, but the old ones will be untouched.
If you need help for the web interface, @davidep will be glad to assist you
In the old SME implementation, ibays were system users so the password needed to be strong (we saw many attacks based on weak ibay passwords!). But with the new implementation this is not needed: if the password is stolen, an attacker can only access a read-only web directory.
By the way, we can re-add a check in the future maybe only at web interface level.
Thanks Stéphane for highlighting my position Just to clarify it:
I would not implement a shortcut to change the password policy, anyway the support team says a such feature can help and they asks for it. As @giacomo said: The administrator should really really really discouraged to do so!; that means a scaring message must be displayed at least
As the feature is accepted, I have no problem to include it into a new core package: if possible, I’d limit any modification to existing packages.
I’d prefer to make this an optional package, available from the “Software Center” page.