Checking password strength for squirrelmail
Posted by kroshka on Fri 28 Mar 2008 at 10:39
I have successfully used the method below to configure the change_ldappass plugin of Squirrelmail to perform password strength checks using cracklib. I made a few assumptions, but it should be easy to adapt it to your own situation.
The debian squirrelmail package is already installed and its apache.conf is properly configured to suite your needs, I am using php5
Install php5 and related packages:
apt-get install php-pear php5 libapache2-mod-php5 php5-dev php5-ldap php5-cli
Install cracklib if it doesn't exist:
apt-get install cracklib2-dev cracklib-runtime
Download compile and install php's crack extension:
pecl download crack
There is a bug in the source that causes crack_opendict() to fail on 64 bits systems See: https://bugs.php.net/bug.php?id=57463To fix:
cd crack-0.4 vim libcrack/src/cracklib.h:47 replace "typedef unsigned long int int32;" with "typedef unsigned int int32;"
Enable PHP5 in apache2 if it hasn't been done yet:
In case /etc/squirrelmail/apache.conf still refers to php4 edit it:
Change the two occurrences of php4 into php5
Configure php5 to work with crack, edit /etc/php5/apache2/php.ini and enter:
[Crack] ; Modify the setting below to match the directory location of the cracklib ; dictionary files. Include the base filename, but not the file extension. extension=crack.so crack.default_dictionary = "/var/cache/cracklib/cracklib_dict"
change the line $lcp_crack_dict = ''; to read: $lcp_crack_dict = '/var/cache/cracklib/cracklib_dict';
You may need to run:
Now restart apache: