ltb-project / self-service-password

Web interface to change and reset password in an LDAP directory
https://self-service-password.readthedocs.io/en/latest/
GNU General Public License v3.0

Possible issue with password quality settings in SSP 1.6 #928

Open unquietwiki opened 3 months ago

unquietwiki commented 3 months ago

Hey all. Per the mention in #918, whenever I have the config.inc.local.php file set to use any password quality values (length or special chars), it declines the new password with an "Insufficient quality" error. Digging into the code, I believe the error is tied to behavior in lib/functions.inc.php or htdocs/js/ppolicy.js. I had SonarLint installed, and it found a number of warnings with the code in regards to boolean condition matching; test editing to resolve most of those issues did not change the situation. $pwd_check_entropy is set to false in the config file, so ZXCVBN shouldn't be a factor here.

SSP 1.6 using Debian 12 package install

coudot commented 3 months ago

Please set $debug to true and provide the logs.

unquietwiki commented 3 months ago

Okay... so, if I set $pwd_min_length = 10, I get the "insufficient quality" error in the browser, but no entries in audit.log from those attempts. If I set it to 0, then I'll get an "ldaperror" from my #918 problem. I tried the F12 developer console in my browser, but wasn't seeing any errors being thrown out.

Regardless of the setting, I am getting a Smarty error in the error.log of Nginx whenever I try to do a password reset. I don't think it's the cause of the quality check error, but it might be useful as a data point.

PHP message: PHP Deprecated: Creation of dynamic property Smarty_Internal_Template::$compiled is deprecated in /usr/share/php/smarty3/sysplugins/smarty_internal_template.php on line 719;

coudot commented 3 months ago

Check the error log (depending on your installation, in the Apache log or the PHP FPM log).

The audit log is only there to trace events.

unquietwiki commented 3 months ago

There is nothing in the PHP FPM or Nginx logs that correlates to my attempts at a reset with the check enabled.