Well, as nobody posted an answer I did some tests and here's what I've
found:
With cdb auth using vpasswd file is just fine to use it for passwd auditing
with John The Ripper.
It works also when a user has changed the passwd with SqWebMail.
I think John is the best suited for this as it can mail the user a warning
if it's passwd is weak.
I have copied vpasswd file to a Linux SuSE 7.0 where I have john the ripper
version 1.6.22-DEV
Hope that helps someone concerned about mail users privacy
Franco Galian.
----- Original Message -----
From: "Franco Galian" <[EMAIL PROTECTED]>
To: "vchkpw" <[EMAIL PROTECTED]>
Sent: Wednesday, January 31, 2001 7:04 AM
Subject: Auditing passwds
> Hi, I've noticed that when I create an account, first the system updates
> vpasswd and then it updates vpasswd.cdb. It's that right? because I am
> willing to do an audit to user passwds, so I just could use vpasswd file
for
> example with john the ripper, anybody has tryed this?
>
> Thanks in advance
>
> Franco Galian
> PS: I have qmail 1.0.3 + vpopmail 4.9.8.+ ezmlm(0.53)-idz(0.40) +
qmailadmin
> 0.42 + sqwebmail 1.23 running at an OpenBSD 2.8 box
>
>
