change_pass plugin improvement

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

change_pass plugin improvement

Frantisek Hanzlik
I'm using change_pass-3.1 plugin with Paweł Krawczyk poppassd
( password changer
for updating user's (shadow) files and/or LDAP passwords.

What was confusing users was quite unclear message when password
change fails - plugin says only 'Password change was not successful!'

But when configuring underlying poppassd with pam_cracklib, then
there may be lot of reasons for failure (e.g.:
BAD PASSWORD: is a palindrome
BAD PASSWORD: is too similar to the old one
BAD PASSWORD: is too simple
BAD PASSWORD: it does not contain enough DIFFERENT characters
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: it is based on a (reversed) dictionary word
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: it is WAY too short

Fortunately poppassd sends them to change_pass plugin and there can
be processed - which is what it is trying to have do my small patch
in attachment. In case of failure, message from popassd is displayed
together with original message.

Sorry, I'm not programmer and my solution is probably ugly hack, but
at least it could serve as idea for precise improvement (e.g. enable
this option in config.php as other poppassd servers may not be capable
to return errors etc.)

Regards, Franta Hanzlik

Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
squirrelmail-plugins mailing list
Posting guidelines:
List address: [hidden email]
List archives:
List info (subscribe/unsubscribe/change options):

change_pass-3.1.patch (1K) Download Attachment