On 09/15/2015 11:00 AM, Tonix - Antonio Nati wrote:
Il 15/09/2015 11:03, Drew Wells ha scritto:
In vpopmail-5.5.0 there seems to be a bug in vpopmail.c where the
password strength is checked even if a password isn't used (such as
when -e is used to add the encrypted password). Patch attached.
I do not understand the problem.
Of course password strenght is checked every time, and if it founds a
null/empty password it gives error back if password must have a
minimum lenght.
Your patch instead permit to have null password even if strenght
policy would not allow it.
Regards,
Tonino
The problem is is that vadduser.c can call vadduser() (in vpopmail.c)
without a password. It does this in the situation where vadduser.c has
had the options "-e" or "-n" passed to it, so if this is the case the
password can't be checked againts the password strength rules. The
underlying function vadduser() needs to be able to add a user with no
password.
!DSPAM:55f8173d41558919512318!
