May 1 2020 update: This patch has been replaced by the qmailadmin-cracklib patch, that is much more robust. Look here for more info
A big lack of qmail account managers, expecially qmailadmin, is that they do not provide any password complexity check. A couple of days ago I discovered in one of my servers a "test 123456" account and I realized that the time had come to put a patch on it.
Since I had no luck in having cracklib working inside qmailadmin (any help on the purpose would be veeerrry much appreciated) I've quickly found a solution via a javascript form validation, which refuses unsecure passwords. You can easily customize how it decides to accept/refuse the passwords modifying the file pw_strenght_chk.js in the html dir.
Comments
where to get and how to apply patch
Peter Sutta January 27, 2018 12:46 CET
Dear Roberto,
i am glad you create such a patch. I would like to get it and make it work. Could you please describe where to get full patch with some short howto apply it on the qmail server?
Thank you in advance.
Reply | Permalink
where to get and how to apply patch
Roberto Puzzanghera Peter Sutta January 27, 2018 13:17 CET
sorry the link was broken... here it is
Info about the installation are in the qmailadmin page
Reply | Permalink