Is there a way to configure Dovecot to perhaps filter/enforce which passwords are accepted before authenticating? Ie: Reject immediately (without a database lookup) if password is not X characters in length? ? -- Robert inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP Key: 78BEDCE1 @ pgp.mit.edu
On 08/05/2016 08:41 AM, Robert Blayzor wrote:> Is there a way to configure Dovecot to perhaps filter/enforce which passwords are accepted before authenticating? > > Ie: Reject immediately (without a database lookup) if password is not X characters in length? > > ? >Not sure what the benefit would be, other than helping automated bots figure out your minimum password length based upon the response time.
> On August 5, 2016 at 6:47 PM "Michael A. Peters" <mpeters at domblogger.net> wrote: > > > On 08/05/2016 08:41 AM, Robert Blayzor wrote: > > Is there a way to configure Dovecot to perhaps filter/enforce which passwords are accepted before authenticating? > > > > Ie: Reject immediately (without a database lookup) if password is not X characters in length? > > > > ? > > > > Not sure what the benefit would be, other than helping automated bots > figure out your minimum password length based upon the response time.The response time will be same anyways. Anyways. It is better to enforce this kind of thing when users define the password than during login. Aki