qmailadmin password-strenght patch

April 26, 2015 Roberto Puzzanghera2 comments

A big lack of qmail account managers, expecially qmailadmin, is that they do not provide any password complexity check. A couple of days ago I discovered in one of my servers a "test 123456" account and I realized that the time has come to put a patch on it.

Since I had no luck in having cracklib working inside qmailadmin (see crackilib patch, any help  on the purpose would be veeerrry much appreciated) I've quickly found a solution via a javascript form validation, which refuses unsecure passwords. You can easily customize how it decides to accept/refuse the passwords modifying the file pw_strenght_chk.js in the html dir.

Comments

where to get and how to apply patch

Dear Roberto,

i am glad you create such a patch. I would like to get it and make it work. Could you please describe where to get full patch with some short howto apply it on the qmail server?

Thank you in advance.

Reply | Permalink

where to get and how to apply patch

sorry the link was broken... here it is http://notes.sagredo.eu/files/qmail/patches/qmailadmin//qmailadmin-1.2.16-pwd-strenght.2015.04.25.patch.

Info about the installation are in the qmailadmin page

Reply | Permalink