
CWP: Configure Roundcube Password Policy

First, ensure the Roundcube password plugin is enabled in the following configuration file. I'm showing the minimum changes, but you can set your own rules.
# cat /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
 
$config['plugins'] = array(    
   'archive',    
   'zipdownload',    
   'managesieve',    
   'password',
 );
Configuring the password plugin
# cd /usr/local/cwpsrv/var/services/roundcube/plugins/
# cp -p password/config.inc.php.dist password/config.inc.php
The first setting deals with the minimum length of the password. I recommend enforcing at least 8 characters.
# vi password/config.inc.php

// Determine whether current password is required to change password.
// Default: false.
$config['password_confirm_current'] = true;

// Require the new password to be a certain length.
// set to blank to allow passwords of any length
$config['password_minimum_length'] = 8;
// Enables logging of password changes into logs/password
$config['password_log'] = true;
We should allow the user to reuse the old password as the new password. It may sound stupid, but as we are upgrading the password scheme from the weak unsalted MD5 to the better SHA2 algorithm, we should allow that:
// Enables saving the new password even if it matches the old password. Useful
// for upgrading the stored passwords after the encryption scheme has changed.
$config['password_force_save'] = true;
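// Enables forcing new users to change their password at their first login.
$config['password_force_new_user'] = true;
// Default password hashing/crypting algorithm.
// Possible options: des-crypt, ext-des-crypt, md5-crypt, blowfish-crypt,
// sha256-crypt, sha512-crypt, md5, sha, smd5, ssha, samba, ad, dovecot, clear.
// For details see password::hash_password() method.
// Note: 'md5' is the unsalted MD5 scheme. For the SHA2 upgrade described above,
// the matching values are 'sha256-crypt' or 'sha512-crypt'; the mail server's
// authentication must accept whichever scheme is set here.
$config['password_algorithm'] = 'md5';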
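An added example, not part of the original post or of Roundcube: a small Python audit that reads the text of the password plugin's config.inc.php and reports settings that fall short of the policy above. The sample config is constructed from the values on this page, and the set of algorithms treated as weak is this example's own assumption.

```python
import re

# Options from the plugin's list that are plaintext, unsalted, or built on
# MD4/MD5/DES/SHA-1. This classification is the example's assumption.
WEAK_ALGORITHMS = {"clear", "md5", "sha", "smd5", "ssha", "samba",
                   "des-crypt", "ext-des-crypt", "md5-crypt"}

# Matches active (uncommented) lines such as: $config['password_log'] = true;
SETTING_RE = re.compile(
    r"""^\s*\$config\[\s*['"](password_\w+)['"]\s*\]\s*=\s*(.+?)\s*;""")

def parse_settings(text):
    """Return {name: value} for every active $config['password_*'] line."""
    settings = {}
    for line in text.splitlines():
        m = SETTING_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip("'\"")
    return settings

def audit(text, min_length=8):
    """Return a list of findings; an empty list means the policy is met."""
    s = parse_settings(text)
    findings = []
    if s.get("password_confirm_current", "false").lower() != "true":
        findings.append("password_confirm_current is not true")
    length = s.get("password_minimum_length", "")
    if not length.isdigit() or int(length) < min_length:
        findings.append(f"password_minimum_length below {min_length}")
    if s.get("password_log", "false").lower() != "true":
        findings.append("password_log is not true")
    algo = s.get("password_algorithm", "")
    if not algo or algo in WEAK_ALGORITHMS:
        findings.append(f"password_algorithm '{algo or 'unset'}' is weak or unset")
    return findings

# Constructed sample mirroring the values shown on this page.
SAMPLE = """
$config['password_confirm_current'] = true;
$config['password_minimum_length'] = 8;
$config['password_log'] = true;
$config['password_force_save'] = true;
$config['password_algorithm'] = 'md5';
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

To check a live install, pass the contents of password/config.inc.php to audit() instead of SAMPLE.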
This post is based on this article.
