Page 1 of 1
Any chance for Scalix to use cracklib for password checking?
Posted: Mon Oct 01, 2007 6:35 pm
by Beaujolais
Is there a chance that future Scalix releases will use cracklib to check passwords?
Or is this available today perhaps? Did I miss it?
Today's rules for password complexity are quite limited (weak) IMHO.
Posted: Mon Oct 01, 2007 9:44 pm
by Beaujolais
After some additional searching I see that scalix is using pam system.
- Is this standard system pam or some own implementation used internally for scalix?
- Which module in /var/opt/scalix/*/s/sys/pam.d/ is used for password changes through SWA?
If it is standard pam adding cracklib should not be that hard.
Posted: Tue Oct 02, 2007 12:01 am
by chris
Hi Beaujolais,
I've never tried adding pam_cracklib, but it'd certainly be worth a try if you're feeling adventurous with a test system.
Scalix SWA is, in essence, an IMAP client. This it depends on the Remote Client Interface in Scalix. The relevant pam configuration is in /var/opt/scalix/*/s/sys/pam.d/ual.remote
You can try adding it in there - I don't have time to test this now myself, but I'd be curious to hear what you find.
Chris
Posted: Tue Oct 02, 2007 3:36 pm
by Beaujolais
Chris, I've tried adding cracklib to ual.remote but it does not seem to work.