Here is a patch for some password enforcement features I've added to our fork of 1.3.2 at NASA. Not all of it will apply cleanly against a 1.3.2 tree; for example, we have a custom module AdminCustomer.pm that allows us to quickly modify customer user info. The changes to Admin.pm, CustomerPreferences.pm, and AgentPreferences.pm might also require some manual merging, but the code should be easy enough to grok. I think some or all of this might be found in the upcoming OTRS 2.x, but might be useful for folks using 1.3.x that need it NOW. :) New options to Default.pm: + $Self->{PasswordClassEnforce} = 1; + $Self->{PasswordClassMinimum} = 3; + $Self->{PasswordLengthMin} = 6; + $Self->{PasswordLengthMax} = 12; + $Self->{PasswordHistoryEnforce} = 1; + $Self->{PasswordHistoryMinimum} = 5; PasswordClassEnforce is a boolean to enable character class enforcement. PasswordClassMinimum defines the number of unique char classes that must be met (max 4: upper, lower, numerical, symbols). PasswordLengthMin and PasswordLengthMax are self documenting. PasswordHistoryEnforce is a boolean to enable password history tracking. PasswordHistoryMinimum defines the number of passwords in history to compare against. There are two new modules, PasswordValidate.pm and PasswordHistory.pm, that add the new functionalities. There are also two new tables: -- -- Table structure for table `system_user_password_history` -- CREATE TABLE `system_user_password_history` ( `id` bigint(20) NOT NULL auto_increment, `login` varchar(50) NOT NULL default '', `pw` varchar(50) NOT NULL default '', `timestamp` datetime NOT NULL default '0000-00-00 00:00:00', PRIMARY KEY (`id`), KEY `system_user_password_history_login` (`login`) ) TYPE=MyISAM; -- -- Table structure for table `customer_user_password_history` -- CREATE TABLE `customer_user_password_history` ( `id` bigint(20) NOT NULL auto_increment, `login` varchar(50) NOT NULL default '', `pw` varchar(50) NOT NULL default '', `timestamp` datetime NOT NULL default '0000-00-00 00:00:00', PRIMARY KEY (`id`), KEY `customer_user_password_history_login` (`login`) ) TYPE=MyISAM; Enjoy! -- Jason Dixon 301.286.8635 voice NASA / Goddard Space Flight Center jason@nccs.nasa.gov AMTI, Inc. Building 28, Room S212 Code 931