Written on April 25, 2009 at 3:00 pm by

SquirrelMail with Strong password

Filed under Linux {4 comments}

I am using Squirrelmail for my Qmail, with poppassd service to change password.

This works fine, except password change. It by default allows user to change password to their first / last name / domain name (my email id format is firstname.lastname@domain) Which is easily guessable. I was searching better plugin, but could not find any with complex password (ofcourse there should be better plugin).

Thus I modified this plugin to prevent user at the squirrelmail from entering easy passwords.

I prefer to prevent users at squirrelmail rather being dependent on qmail / poppassd.

I hope squirrelmail release better plugin which can prevents passwords which are based on dictionay, matches user id.

Download



if you find any missing point in here, please let us know in comment section or tweet us at @linuxreaders. To get more articles like this, subscribe to our RSS feeds / Mails.

Article by Jigish Thakar

Hi, I am working for one of leading "IT GRC, managed compliance software and services company" as web developer in India. you might find very less updates from me.. as i m very lazzy :) you can follow me on twitter @jigishthakar
Read 5 articles by
  • http://www.technoreaders.com/ Jigish Thakar
  • http://budiwijaya.net budiwijaya

    Is there any modification like you did, but in change_ldap_pass ?

  • http://www.technoreaders.com/ Jigish Thakar

    @Paul Lesniewski
    Mail server is under DMZ, no one can telnet. For me only option was to prevent user’s entering weak passwords at frontend.

  • http://squirrelmail.org Paul Lesniewski

    You used code from a very out of date code branch. If you use 1.5.x
    code, use 1.5.2 (which at some point will have some of these kinds of
    checks added to it).

    The point you missed, however, is that if you run the
    poppassd service and it is not verifying password integrity, your
    users can simply telnet to it and give themselves a weak password.
    That is, your system is poorly configured and this is a security
    weakness. You should fix that and then SquirrelMail wouldn’t need to
    be touched.

Archives

Categories

Page optimized by WP Minify WordPress Plugin