Hi Ernie, > I noticed that the password strength test is a lot harder in 5209R compared > to 5207R which I have been running. It takes a long time to come up with a > password which it accepts, and none of my 5207R passwords are accepted. > > That's a problem for a couple of reasons
You are absolutely correct about this, Ernie. That is why I just published 68 updates which bring the password checker back to the form that we all came to love (and hate) on all other BlueOnyx systems. So after a "yum update" (and a restart of admserv) 5209R will have the same password check as the other BlueOnyx versions. Here is how and why the password check in the initial Beta release was so over the top. I'll explain it for the technically inclined: The "old" password check was done by the PHP module "crack-0.4", which uses cracklib. The latest version of crack-0.4 that is available from PHP.net via PECL is incompatible with PHP-5.4 (or newer). So we couldn't build that. I tried. But couldn't get it to work. We did have other PHP modules that also wouldn't compile. Such as the CCE module that allows PHP scripts to communicate with CCEd. Or the "i18n" PHP module that handles the localization of the GUI. So in an effort of a couple of weeks I replaced these three with native PHP classes. The (new) password checker was done by someone else and the license under which it was published allowed us to use it. The other classes I did myself. Sadly, the new password check was really over the top. So today Chris Gebhardt also complained about it (and I knew others would as well). So I went back and gave crack-0.4 another try. I found a Patch to it for PHP-5.4.16 that was done by the Gentoo maintainers in their own CVS repository and that patch actually works perfectly. So I published an updated sausalito-i18n module with it and also update base-admserv to use crack.so again in its php.ini. Lastly: The majority of the other patches from today fix issues of special characters in passwords. In the past you could set passwords (for MySQL for example) that contain special characters like !$%&' and so on. This is no longer allowed, as certain programs such as PHP or the Perl module to communicate with MySQL cannot support these special characters in passwords. So the MySQL password (and the one for the JSP server) are limited to type 'alphanum_plus', which means: letters, numbers, "-", "." and "_". For user accounts you can use pretty much the entire scope of special characters as before. Even "@^°{[]}\?~*+#';:.,-_<>|" is now a valid password that won't break anything. Well ... except your fingers when you need to type it in manually. :p > Also I noticed that when editing the vsite template settings page using > Firefox and > clicking save, the screen gets a grey mask with a blue progress bar that > just sits there, no way out except to refresh the page. The settings are > being saved ok it's just a graphical glitch of some sort. That's weird. It works fine in my Firefox, so I don't know what to make of that. -- With best regards Michael Stauber _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx