Re: [vchkpw] minimum password length/character combination support?
Hello, I tested the patch, but an error occurs for qmailadmin-1.2.16-0.el6.x86_64. Could there be a new version of this patch. Best regards, Nikolay On Thu, Oct 30, 2014 at 1:37 AM, Tom Collins t...@tomlogic.com wrote: Sorry, forgot the link to the QmailAdmin patch: http://sourceforge.net/p/qmailadmin/patches/28/ -Tom On Oct 29, 2014, at 4:32 PM, Tom Collins wrote: I haven't checked the configuration in some time, so I don't know about minimum password requirements. I did recall this patch on SourceForge to call out to cracklib and require a strong password. If you're comfortable with Javascript, you could modify the change password screen to dynamically update a password status (weak, strong, secure) and only enable the change button when both password fields match and meet minimum password requirements. -Tom On Oct 29, 2014, at 11:08 AM, pbre...@purplecat.net pbre...@purplecat.net wrote: Tom, Thanks for the reply. Of course, sorry for the naïve query. Yes we use qmailadmin to allow password changes by end users. And we’ve just found a writeup here: http://mugurel.sumanariu.ro/qmail/qmailadmin-check-if-password-is-strong-enough/ but it seems a little dodgy. There isn’t by any chance a build time variable for qmail admin or something a little more within the source tree than the above patch method? Thanks again for your reply. Sincerely, Peter Brezny Purplecat Networks Inc. www.purplecat.net 828-250-9446 *From:* Tom Collins t...@tomlogic.com *Sent:* Wednesday, October 29, 2014 1:56 PM *To:* vchkpw@inter7.com The vchkpw program verifies the password. Are you wondering about the vpasswd program for changing a password? That's an admin program, and wouldn't typically enforce a password change policy. How do your users currently change their passwords? QmailAdmin? Some other program? You would have to incorporate password requirements into that program, and not the one that validates a password. -Tom On Oct 29, 2014, at 7:42 AM, Peter Brezny wrote: Dear vchkpw@inter7.com, Is there a way to enforce a minimum length and character combination (letters, numbers, upper case) with vchkpw and if not, are there patches or external applications that integrate well with vchkpw to get this functionality? !DSPAM:54551c6e26513275391490!
Re: [vchkpw] minimum password length/character combination support?
The vchkpw program verifies the password. Are you wondering about the vpasswd program for changing a password? That's an admin program, and wouldn't typically enforce a password change policy. How do your users currently change their passwords? QmailAdmin? Some other program? You would have to incorporate password requirements into that program, and not the one that validates a password. -Tom On Oct 29, 2014, at 7:42 AM, Peter Brezny wrote: Dear vchkpw@inter7.com, Is there a way to enforce a minimum length and character combination (letters, numbers, upper case) with vchkpw and if not, are there patches or external applications that integrate well with vchkpw to get this functionality? !DSPAM:54512a5f26519256121473!
Re: [vchkpw] minimum password length/character combination support?
I haven't checked the configuration in some time, so I don't know about minimum password requirements. I did recall this patch on SourceForge to call out to cracklib and require a strong password. If you're comfortable with Javascript, you could modify the change password screen to dynamically update a password status (weak, strong, secure) and only enable the change button when both password fields match and meet minimum password requirements. -Tom On Oct 29, 2014, at 11:08 AM, pbre...@purplecat.net pbre...@purplecat.net wrote: Tom, Thanks for the reply. Of course, sorry for the naïve query. Yes we use qmailadmin to allow password changes by end users. And we’ve just found a writeup here: http://mugurel.sumanariu.ro/qmail/qmailadmin-check-if-password-is-strong-enough/ but it seems a little dodgy. There isn’t by any chance a build time variable for qmail admin or something a little more within the source tree than the above patch method? Thanks again for your reply. Sincerely, Peter Brezny Purplecat Networks Inc. www.purplecat.net 828-250-9446 From: Tom Collins Sent: Wednesday, October 29, 2014 1:56 PM To: vchkpw@inter7.com The vchkpw program verifies the password. Are you wondering about the vpasswd program for changing a password? That's an admin program, and wouldn't typically enforce a password change policy. How do your users currently change their passwords? QmailAdmin? Some other program? You would have to incorporate password requirements into that program, and not the one that validates a password. -Tom On Oct 29, 2014, at 7:42 AM, Peter Brezny wrote: Dear vchkpw@inter7.com, Is there a way to enforce a minimum length and character combination (letters, numbers, upper case) with vchkpw and if not, are there patches or external applications that integrate well with vchkpw to get this functionality? !DSPAM:5451791d26511096114170!
Re: [vchkpw] minimum password length/character combination support?
Sorry, forgot the link to the QmailAdmin patch: http://sourceforge.net/p/qmailadmin/patches/28/ -Tom On Oct 29, 2014, at 4:32 PM, Tom Collins wrote: I haven't checked the configuration in some time, so I don't know about minimum password requirements. I did recall this patch on SourceForge to call out to cracklib and require a strong password. If you're comfortable with Javascript, you could modify the change password screen to dynamically update a password status (weak, strong, secure) and only enable the change button when both password fields match and meet minimum password requirements. -Tom On Oct 29, 2014, at 11:08 AM, pbre...@purplecat.net pbre...@purplecat.net wrote: Tom, Thanks for the reply. Of course, sorry for the naïve query. Yes we use qmailadmin to allow password changes by end users. And we’ve just found a writeup here: http://mugurel.sumanariu.ro/qmail/qmailadmin-check-if-password-is-strong-enough/ but it seems a little dodgy. There isn’t by any chance a build time variable for qmail admin or something a little more within the source tree than the above patch method? Thanks again for your reply. Sincerely, Peter Brezny Purplecat Networks Inc. www.purplecat.net 828-250-9446 From: Tom Collins Sent: Wednesday, October 29, 2014 1:56 PM To: vchkpw@inter7.com The vchkpw program verifies the password. Are you wondering about the vpasswd program for changing a password? That's an admin program, and wouldn't typically enforce a password change policy. How do your users currently change their passwords? QmailAdmin? Some other program? You would have to incorporate password requirements into that program, and not the one that validates a password. -Tom On Oct 29, 2014, at 7:42 AM, Peter Brezny wrote: Dear vchkpw@inter7.com, Is there a way to enforce a minimum length and character combination (letters, numbers, upper case) with vchkpw and if not, are there patches or external applications that integrate well with vchkpw to get this functionality? !DSPAM:54517a3626514956617183!
