* Added SSHA512 method to the hash_password function
Basically a copy of the ssha method this case is compatible with the dovecot ssha512 settings so there is no doveadm needed alongside with roundcube to update ssha512 passwords.
... for simpler implementation of strength indicator in future.
Also simplified configuration by removing password_check_strength and
adding password_minimum_score.
Allow password drivers more control over the entire password changeing
processes not just the save action. Allow them to perform old/new
password comparisons and also password strength checking.
*) allow password drivers override default password comparisons (eg
new is not same as current) #6473
*) allow password drivers override default strength checks (eg allow
for 'not the same as last x passwords')
*) allow separate password saving and strength drivers for use of
strength checking services eg HaveIBeenPwned.com #5040
*) allow drivers to define password strength rules displayed to the
user
*) rename password_require_nonalpha config option to
password_check_strength to reflect new strength checking
possibilities (added backwards compatibility)
If the password policy on the ldap server is violated when changing
password, report error as "constraint violation" instead of the
misleading "connection error".
Only tested with OpenLDAP (v2.4).
Squashed commit of the following:
commit 41283ecab18321201c3adfef8e964e2aa0dc2032
Author: Aleksander Machniak <alec@alec.pl>
Date: Sat Oct 15 08:37:31 2016 +0200
CS fixes after PR merge, renamed session variable
commit b4440a0c4d15c194619c003683ff0d36787f82a8
Merge: cf9f0d85dee181
Author: Aleksander Machniak <alec@alec.pl>
Date: Sat Oct 15 08:26:04 2016 +0200
Merge branch 'master' of https://github.com/ZiBiS/roundcubemail into ZiBiS-master
commit 5dee1812e7
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date: Thu Oct 13 14:20:14 2016 +0200
passing by session
commit 6ccb7e7d1d
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date: Thu Oct 13 11:45:43 2016 +0200
formatted passwdexpdatetime should be set in session data
commit a43f30fdfc
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date: Thu Oct 13 11:10:06 2016 +0200
_passwdexpwarning removed and expdatetime object is stored in session
commit 62ef852a11
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date: Thu Oct 13 10:24:39 2016 +0200
String concatenation is removed and expdatetime is passed via session
data.
commit 2aea3a4e85
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date: Wed Oct 12 10:20:58 2016 +0200
Removing ppolicy plugin from my repository.
commit 8848c944ab
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date: Tue Oct 11 11:32:37 2016 +0200
little correction of variables names
commit 5266c89da9
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date: Tue Oct 11 11:14:17 2016 +0200
little corrections
commit c665b5c607
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date: Tue Oct 11 10:31:05 2016 +0200
A plugin to check LDAP password for expiration
I have recently changed the password scheme of my Dovecot/Postfix/Roundcube installation. New passwords are encrypted stronger than before. It is not possible to automatically update existing passwords (because the old encryption is not so bad that I can easily crack it). But I'd like to tell my users that they can upgrade to the new password scheme by simply submitting the "change password" form with their old password in all three input fields. Currently a minor optimization prevents this. I think this minor optimization should be removed.