Checking password strength for squirrelmail
Posted by kroshka on Fri 28 Mar 2008 at 10:39
I have successfully used the method below to configure the change_ldappass plugin of Squirrelmail to perform password strength checks using cracklib. I made a few assumptions, but it should be easy to adapt it to your own situation.
For example squirrelmail is custom installed, in /usr/share/squirrelmail/, using the newest stable version and I preferred to use php5, since it didn't require a recompile. PHP4 on debian is not configured/compiled with the required extension. As a side effect this removed php4 which was fine to me, though it did require a slight configuration change here and there.
Install php5 and related packages:
apt-get install php-pear php5 libapache2-mod-php5 php5-dev php5-ldap php5-cli
Install cracklib if it doesn't exist:
apt-get install cracklib2-dev cracklib-runtime
Download compile and install php's crack extension:
pecl install crack
There is a tiny bug in the compilation procedure, to avoid it do:
cd /tmp/pear/cache/crack-0.4 ./configure; make; make install
Enable PHP5 in apache2 if it hasn't been done yet:
a2enmod php5
Edit /etc/apache2/sites-enabled/squirrelmail (not essential)
Change the two occurances of php4 into php5
Configure php5 to work with crack, edit /etc/php5/apache2/php.ini and enter:
[Crack] ; Modify the setting below to match the directory location of the cracklib ; dictionary files. Include the base filename, but not the file extension. extension=crack.so crack.default_dictionary = "/var/cache/cracklib/cracklib_dict"
Edit /usr/share/squirrelmail/plugins/change_ldappass/config.php:
change the line $lcp_crack_dict = ''; to read: $lcp_crack_dict = '/var/cache/cracklib/cracklib_dict';
You may need to run:
ldconfig
Now restart apache:
/etc/init.d/apache2 restart
