Author Topic: Advice needed for password_force plugin (Read 7152 times)

ABerglund · « **on:** May 23, 2011, 05:21:07 PM »

Greetings, all.

Our organization wants to implement a method to force a password change due to password age. I have found one plugin for this, but it will not work in our environment.

In fact, due to the uniqueness of our environment, I suspect that I'd need to rework anything that might be offered. So that being the case, I'm going to take a stab at building my own plugin, despite my inexperience with PHP and javascript. Because I lack experience, any tips or suggestions are welcomed.

My plan is to combine the features of the standard password plugin with the force-change routines from force_pass (http://www.roundcubeforum.net/7-third-party-contributions/46-api-based-plugins/7468-new-file-added-force-password-change.html) which was written for postfix. We need the poppassd support from the password plugin.

Here's where things get muddy for me - I need to store the password age somewhere RC can read and write. Our users only have one method to change their email passwords - within RC. While the password age is saved in the shadow file on the mailserver, RC is on a separate server and can not read or write to the shadow file.

So it seems the best idea would be to save the password age within the Prefs in the RC database. That should be quick and easy to read, and the password change operation - while still using poppassd to do the real work - should be able to update that pref in the RC db.

Will this work? Any of you plugin developers see any glaring hangups with this? Any suggestions to offer?

SKaero · « **Reply #1 on:** May 24, 2011, 05:48:49 AM »

That sounds like it would work to me, but I think it may be easier to just add another column to the users table or add another table (to avoid problems when updating RC) to store the password age information. Let me know if you run into problems, I'd be happy to help.

ABerglund · « **Reply #2 on:** May 24, 2011, 11:15:54 AM »

I definitely do not want to do anything that would make future RC updates difficult. Adding a separate table for age would be OK then? I assume I'd just need to use standard PHP/mysql routines to read and write to that table?

Do you think there would be any issues with increased overhead in reading the age table after successful login? I figured RC reads the prefs at login - but maybe the plugin would have to read and parse the entire prefs list again anyway.

Actually, now that I think about it, having the password age in a separate table would vastly simplify a secondary desire of wanting to force a change after an administrative reset, which is done on yet a different server.

Good thoughts, skaero. Thanks. If I have more questions, should I PM you?

SKaero · « **Reply #3 on:** June 01, 2011, 08:33:53 AM »

Sorry for the delay I hope its going well, I think adding the additional table would be a good way to do it and you should be able to read it using RoundCube query system. I don't thing the overhead will be an issue as long the user column is indexed. If you have any more questions it would probably be best to send me an email or PM for the fastest reply time.

hendro · « **Reply #4 on:** August 08, 2012, 11:41:25 AM »

Where I can find the password force plugins? The original link is no longer valid...Tx