Greetings, I'll start by saying that I am not a C programmer, but I have been looking through the source code trying to get this functionality to work. Here's my end goal.
The username is converted to lowercase The password is converted to lowercase They are compared and if the same or similar an error is generated. Now, I know that this is similar to the trivial passwords check, but there is a difference that I will explain. I have patched qmailamin 1.2.15 to use the cracklib patch, and that is working well. I enabled trivial password checking and that works, mostly. I have been able to still get by a weak combination using the following: username: TestWeak1 password: TestWeak1 What I believe is happening is that qmailadmin is converting the username to lowercase at some point but leaving the password unaltered. When it does the strstr compare it doesn't match, so it passes the combination as being good. I tried cobbling this together: GetValue(TmpCGI,Newu, "newu=", tolower(Newu)); GetValue(TmpCGI,Password1, "password1=", tolower(Password1)); if ( strstr(Newu,Password1) !=NULL ) { snprintf (StatusMessage, "Bad username and password combination, to similar - %s\n", html_text[175]); adduser(); vclose(); exit(0); } But while that compiles without an error, qmailadmin fails when I try to add a new user. I've tried searching various C programming pages, but without a solid frame of reference I am just taking stabs in the dark. Does anyone have a way to include this functionality?? Thanks, -Adam !DSPAM:4fcc0ea034201610612305!