On 09/15/2015 11:00 AM, Tonix - Antonio Nati wrote:
The problem is is that vadduser.c can call vadduser() (in vpopmail.c)
without a password. It does this in the situation where vadduser.c has
had the options "-e" or "-n" passed to it, so if this is the case the
password can't be checked againts the password strength rules. The
underlying function vadduser() needs to be able to add a user with no
Il 15/09/2015 11:03, Drew Wells ha scritto:
In vpopmail-5.5.0 there seems to be a bug in vpopmail.c where the
password strength is checked even if a password isn't used (such as
when -e is used to add the encrypted password). Patch attached.
I do not understand the problem.
Of course password strenght is checked every time, and if it founds a
null/empty password it gives error back if password must have a
Your patch instead permit to have null password even if strenght
policy would not allow it.