Univention Bugzilla – Bug 52053
Samba password complexity check allows username in password
Last modified: 2023-07-24 14:06:57 CEST
The password complexity check in Samba (4.10) doesn't complain if a new password contains the username and I guess the same holds for the parts of the displayName. The standard Microsoft password complexity criteria state that this should prevented: https://docs.microsoft.com/de-de/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements Note: In univention.password.Check() I implemented this additional check separately in Python (Bug #51994), but that's not called when changing the password via Samba.
A customer would like to enforce password policy complexity in his environment. If a user is changing his/her password the user should be able to change their password but they should not include their username (and Domain name). This is the customers requirement, but unfortunately it is not working