This site is now 100% read-only, and retired.

Checking password strength for squirrelmail

Posted by kroshka on Fri 28 Mar 2008 at 10:39

I have successfully used the method below to configure the change_ldappass plugin of Squirrelmail to perform password strength checks using cracklib. I made a few assumptions, but it should be easy to adapt it to your own situation.

The debian squirrelmail package is already installed and its apache.conf is properly configured to suite your needs, I am using php5

Install php5 and related packages:

apt-get install php-pear php5 libapache2-mod-php5 php5-dev php5-ldap php5-cli

Install cracklib if it doesn't exist:

apt-get install cracklib2-dev cracklib-runtime

Download compile and install php's crack extension:

pecl download crack

There is a bug in the source that causes crack_opendict() to fail on 64 bits systems See:

To fix:
cd crack-0.4
vim libcrack/src/cracklib.h:47
replace "typedef unsigned long int int32;" with "typedef unsigned int int32;"

Enable PHP5 in apache2 if it hasn't been done yet:

a2enmod php5

In case /etc/squirrelmail/apache.conf still refers to php4 edit it:

Change the two occurrences of php4 into php5

Configure php5 to work with crack, edit /etc/php5/apache2/php.ini and enter:

; Modify the setting below to match the directory location of the cracklib
; dictionary files.  Include the base filename, but not the file extension.
crack.default_dictionary = "/var/cache/cracklib/cracklib_dict"

Edit /usr/share/squirrelmail/plugins/change_ldappass/config.php:

change the line $lcp_crack_dict = '';
to read: $lcp_crack_dict = '/var/cache/cracklib/cracklib_dict';

You may need to run:


Now restart apache:

/etc/init.d/apache2 restart