Hi, On Sonntag, 10. Januar 2010, Klaus Ade Johnstad wrote: > > 1.) Using LWAT: I can't change 'manual' the password of a user. When > > I search user, click on it and press the button 'New Password', an > > textfield appears, propose me a new password. But I can't change the > > password, because editing is disabled (grey coloured, like the field > > 'username'). But this was possible using etch. Is this a bug or a > > feature? > This is a feature, most sysadmins can't set proper secure passwords :-) Aehm, no. The passwords generated by lwat per default are very simple ones, suited for children 3-6 of age, at maximum. Just last week there was a teacher in #debian-edu whose account was repeatetly compromised, most probably due to using weak passwords generated by lwat. At least he didnt come back after I suggested to use a password generated with "pwgen -s 12" :-) Also see "#457840 please provide alternative pwgen function in lwat". IMO we (=Debian Edu) should change the behaviour of (upstream) lwat, that is to set $allowPwSet = true by default. cheers, Holger
Attachment:
signature.asc
Description: This is a digitally signed message part.