On Sat, Apr 25, 2009 at 5:32 PM, Paul Lesniewski <p...@squirrelmail.org>wrote:
> Can you please *reply* and not forward?
>
sorry for forwards
>
> >>> I am using squirrelmail as default web mail.
> >>> Looking for squirrel alphanumeric password.
> >>>
> >>> As of now my users keep simple words as their mail password.
> >>> Kindly suggest appropriate plugin for the same.
> >>>
> >>> forgot to mention.
> >>> I am using qmail & poppassd for squirrel password change.
> >>
> >> Some password change plugins allow you to put these restrictions in
> >> place. poppassd relies on the system itself to do this, which should
> >> be sufficient. So it's not a SquirrelMail issue. Try using the
> >> passwd command on the command line - change your password to some
> >> simple dictionary word and if it lets you without complaining, then
> >> you need to consult your system documentation to find out why it is so
> >> poorly configured.
> >
> > thanks for the reply.
> > I understand this is not squirrel's job to prevent users from entering
> easy
> > passwords.
> > As I could not find better password change service for qmail I modified
> > existing plugin.
>
> You used code from a very out of date code branch. If you use 1.5.x
> code, use 1.5.2 (which at some point will have some of these kinds of
> checks added to it).
>
> You still don't understand, however, the point that if you run the
> poppassd service and it is not verifying password integrity, your
> users can simply telnet to it and give themselves a weak password.
as I have mail server in DMZ, no one can telnet & change password
>
> That is, your system is poorly configured and this is a security
> weakness. You should fix that and then SquirrelMail wouldn't need to
> be touched.
As I mentioned, I could not found better way to get complex password at the
backend.
thus preferred to modify squirrel plugin.
Reason I put this on blog / mailing list is to share.
>
>
> >
> http://www.linuxreaders.com/2009/04/25/squirrelmail-with-strong-password/
>
>
--
Regards
Dhaval Thakar
http://www.linuxreaders.com/
http://www.jigishthakar.com/
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensign option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options):
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
