Refuse weak passwords

Discussion in 'Mail Server Support' started by ychaouche, May 22, 2018.

  1. ychaouche

    ychaouche Valued Member

    Joined:
    Mar 22, 2016
    Messages:
    18
    Likes Received:
    3
    Hello EQ :)

    My users use roundcube to connect to read their mail. I have enabled the password plugin to enable them to change their passwords. However, I would like to know what can I do to refuse changing the password if it is too weak ? I have already installed the zxcvbn python module to check password strength from the command line, I'd like to know if it's possible to somehow get that script called by roundcube or something similar ?

    Yassine.
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    9,291
    Likes Received:
    140
    I haven't used roundcube recently (maybe not ever). Try to Google with phrases such as "roundcube enforce strong password strength" to help find you a site that can better assist with this question. I see a variety of results of varying age with this request.
     

  3. ychaouche

    ychaouche Valued Member

    Joined:
    Mar 22, 2016
    Messages:
    18
    Likes Received:
    3
    Hello popowich,

    I ended up writing my own driver for the password plugin based off the chgpasswd driver. It calls the zxcvbn-wrapped script via exec and captures both its exit code and output. The output is processed and shown to the user (estimated cracking time).
     

    popowich likes this.

Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice