change_pass plugin improvement needed

Hello,

on my system (Fedora 11 i386, squirrelmail-1.4.19, change_pass-3.0, poppassd-1.8.5) "change_pass" plugin behaves incorrectly when user pass new password, which is unsuitable for PAM subsystem. "poppassd" daemon on that passwd respond like this:

500 PAM error: BAD PASSWORD: it is based on a dictionary word
500 PAM error: BAD PASSWORD: is too simple
200 Password changed, thank-you.

(i.e. PAM doesn't like it, but as poppassd daemon run as root, password is changed - third line tell truly about it).

But change_pass plugin seems to test return code on first response line (500) and inform user that "Password change was not successful!".

Second problem - what if I want respect PAM dissatisfaction with weakly designed password (and want disabling that password change - i.e. simply behavior, as if password change is done by non-root user) ? Maybe some better response parsing with some option as OBEY_PAM_WARNINGS ;) in plugins/change_pass/options.php can solve this, but I'm not programmer...

Regards, Franta Hanzlik

-----
squirrelmail-plugins mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-plugins@...
List archives: http://news.gmane.org/gmane.mail.squirrelmail.plugins
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-plugins
Re: change_pass plugin improvement needed

Frantisek Hanzlik wrote:
> Hello,
>
> on my system (Fedora 11 i386, squirrelmail-1.4.19, change_pass-3.0,
> poppassd-1.8.5) "change_pass" plugin behaves incorrectly when user
> pass new password, which is unsuitable for PAM subsystem.
> "poppassd" daemon on that passwd respond like this:
>
> 500 PAM error: BAD PASSWORD: it is based on a dictionary word
> 500 PAM error: BAD PASSWORD: is too simple
> 200 Password changed, thank-you.
>
> (i.e. PAM doesn't like it, but as poppassd daemon run as root, password
> is changed - third line tell truly about it).
>
> But change_pass plugin seems to test return code on first response line
> (500) and inform user that "Password change was not successful!".
>
> Second problem - what if I want respect PAM dissatisfaction with weakly
> designed password (and want disabling that password change - i.e. simply
> behavior, as if password change is done by non-root user) ? Maybe some
> better response parsing with some option as OBEY_PAM_WARNINGS ;) in
> plugins/change_pass/options.php can solve this, but I'm not programmer...
>
> Regards, Franta Hanzlik

poppass was designed to use response codes modeled after FTP. 5xx codes are codes for permanent failure. If poppassd is going to treat those PAM errors as non-fatal, they need to use a different error code (most likely 100).

Since there are many different poppassd programs for different systems with different error messages, adding support for them would be non-trivial. And is unlikely to happen.

The devel versions of SquirrelMail include a front end with verification with multiple backends. That would be the best place to add such options. Possibly doing the dictionary lookups and complexity checks before ever passing it to the backend.
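
The multi-line reply discussed in this thread, interpreted by its last line rather than its first. This is an added example, not code from change_pass, poppassd or either poster; it is written in Python rather than the plugin's PHP. The names parse_reply, interpret and obey_pam_warnings are hypothetical, and treating the final line as the authoritative status is an assumption based on the reply quoted above.

```python
import re
from collections import namedtuple

# The three-line reply quoted in the thread, rebuilt as one constructed string.
SAMPLE_REPLY = (
    "500 PAM error: BAD PASSWORD: it is based on a dictionary word\r\n"
    "500 PAM error: BAD PASSWORD: is too simple\r\n"
    "200 Password changed, thank-you.\r\n"
)

# Three-digit code, then a space or hyphen and free text (FTP-style).
_LINE = re.compile(r"^(\d{3})(?:[ -](.*))?$")

# changed:  what the backend reports actually happened
# accepted: what the front end should tell the user under its policy
Outcome = namedtuple("Outcome", "changed accepted warnings")


def parse_reply(raw):
    """Return [(code, text), ...]; refuse anything that is not a coded line."""
    pairs = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"malformed reply line: {line!r}")
        pairs.append((int(m.group(1)), m.group(2) or ""))
    if not pairs:
        raise ValueError("empty reply")
    return pairs


def interpret(raw, obey_pam_warnings=False):
    """Judge the reply by its last line, keeping earlier 5xx lines as warnings."""
    pairs = parse_reply(raw)
    final_code = pairs[-1][0]
    warnings = [text for code, text in pairs[:-1] if 500 <= code <= 599]
    changed = 200 <= final_code <= 299
    # Hypothetical strict mode: the thread only floats the name OBEY_PAM_WARNINGS.
    # It can only change what is reported; the backend has already acted.
    accepted = changed and not (obey_pam_warnings and warnings)
    return Outcome(changed, accepted, warnings)
```

In strict mode the sample yields changed=True with accepted=False, which is the mismatch the thread is about: a front end cannot undo a change the root daemon already made, so a weak password has to be rejected before it reaches the backend.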