Roundcube/Plugin/password: Difference between revisions
Latest revision as of 15:27, 27 August 2023
Password
- Plugin name: password
This is shipped with Roundcube, so it doesn't need to be installed. You can use either the vpopmaild or the sql driver (thanks to John D. Trolinger).
This plugin provides some drivers to enforce password strength, and I tried zxcvbn with no success. Fortunately, Tony Fung explained in a comment how to patch the plugin to use cracklib as a password strength library. If you want to use this approach, read below.
Choosing the vpopmaild driver
    # cd plugins/password
    # cp -p config.inc.php.dist config.inc.php
    # nano config.inc.php

    $config['password_driver'] = 'vpopmaild';

    // Determine whether current password is required to change password.
    // Default: false.
    $config['password_confirm_current'] = true;

    // vpopmaild Driver options
    // -----------------------
    // The host which changes the password
    $config['password_vpopmaild_host'] = '<mail-server-IP>';

    // TCP port used for vpopmaild connections
    $config['password_vpopmaild_port'] = 89;
Remember to replace <mail-server-IP> with the IP address of your MTA (generally localhost).
Choosing the sql driver
    // We have MYSQL for our VPOPMAIL DATABASE so we use the sql driver
    $config['password_driver'] = 'sql';

    // Determine whether current password is required to change password.
    // Default: false.
    $config['password_confirm_current'] = true;

    // SQL Driver options
    // ------------------
    // PEAR database DSN for performing the query. By default
    // Roundcube DB settings are used.
    // We have a VPOPMAIL DB and the database and table name is vpopmail
    $config['password_db_dsn'] = 'mysql://vpopmail:YOURPASSWORDGOESHERE@<mysql-IP>/vpopmail';

    // The username and domainname are different columns JDT
    // This query stores an MD5-crypt hash ("$1$" plus an 8-character random salt)
    // in pw_passwd and the cleartext password in pw_clear_passwd.
    $config['password_query'] = 'UPDATE vpopmail set pw_passwd=ENCRYPT(%p,concat("$1$",right(md5(rand()),8 ),"$")), pw_clear_passwd=%p where pw_name=%l and pw_domain=%d';

    // VPOPMAIL uses salted hash so md5 JDT
    $config['password_crypt_hash'] = 'md5';
Here <mysql-IP> is the IP address of your sql server (put localhost if the qmail and sql servers share the same IP).
Cracklib patch
You may want to patch the plugin to gain cracklib's security benefits (thanks to Tony Fung for the patch), so that both Roundcube and qmailadmin share the same password check system:
    cd /var/www/roundcube
    wget https://notes.sagredo.eu/files/qmail/patches/roundcube/cracklib-roundcube_pwd_plugin.patch
    patch -p1 < cracklib-roundcube_pwd_plugin.patch
Be aware that the cracklib library must be installed, as already explained on the qmailadmin page. You also have to remove exec from disable_functions in your php.ini.
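One way to confirm the php.ini change described above, checking that exec is no longer listed in disable_functions while the other command-execution functions remain blocked. This is an added example, not part of the original page or of the Roundcube plugin; the function names (disabled_functions, is_disabled, report) and the sample php.ini are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): inspect disable_functions in a php.ini.

# Print the effective disable_functions entries, one per line.
# Lines starting with ';' are comments. Assumption: when the directive
# appears more than once, the last active assignment is the one used.
disabled_functions() {  # $1 = path to php.ini
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 |
        sed 's/[[:space:]]*;.*$//; s/^"//; s/"$//' |
        tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Succeed if function $2 is listed as disabled in php.ini $1.
is_disabled() {
    disabled_functions "$1" | grep -qxF "$2"
}

# Report the state of exec and of the other command-execution functions.
report() {  # $1 = path to php.ini
    if is_disabled "$1" exec; then
        echo "exec: DISABLED (the page says the cracklib patch needs it enabled)"
    else
        echo "exec: enabled"
    fi
    for fn in system shell_exec passthru popen proc_open; do
        is_disabled "$1" "$fn" && echo "$fn: still disabled" || echo "$fn: enabled"
    done
}

# Constructed sample php.ini, written to a temporary file for the demo.
make_sample_ini() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
; constructed sample, not a real server configuration
;disable_functions = exec
disable_functions = "system, shell_exec ,passthru,popen,proc_open" ; exec removed
EOF
    echo "$f"
}

sample=$(make_sample_ini)
report "$sample"
rm -f "$sample"
```

Run report against the php.ini that your web server's PHP actually loads, which can differ from the one used by the command-line PHP.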