https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25934 --- Comment #2 from David Cook <dcook@prosentient.com.au> --- (In reply to Katrin Fischer from comment #1)
There was discussion in the past about having some kind of plugin structure (bug 13664).
I was thinking about that a little bit. I mean password managers let you set length and character sets, so it does make sense for it to be a bit configurable. The dictionaries/common passwords would need to be configurable too. I think storing old password hashes and not matching username/password should just be baked in.
I think 1. might not be agreeable to some (unless you mean it would only enforce length in combination with another setting). There were libraries very much insisting on such short passwords.
That's unfortunate although that's a good point. Personally, I'd like strong defaults, and then people who choose weaker policies would have to accept the risk that brings. -- You are receiving this mail because: You are watching all bug changes.