<HTML>
<HEAD>
<TITLE>checkvpw - check passwords for virtual and non-virtual users</TITLE>
<LINK REV="made" HREF="mailto:root@porky.devel.redhat.com">
</HEAD>

<BODY>

<!-- INDEX BEGIN -->
<!--

<UL>

<LI><A HREF="#NAME">NAME</A>
<LI><A HREF="#SYNOPSIS">SYNOPSIS</A>
<LI><A HREF="#DESCRIPTION">DESCRIPTION</A>
<LI><A HREF="#RETURN_VALUE">RETURN VALUE</A>
<LI><A HREF="#ENVIRONMENT">ENVIRONMENT</A>
<LI><A HREF="#SEE_ALSO">SEE ALSO</A>
<LI><A HREF="#AUTHOR">AUTHOR</A>
</UL>
-->
<!-- INDEX END -->

<P>
<H1><A NAME="NAME">NAME</A></H1>
<P>
checkvpw - check passwords for virtual and non-virtual users

<P>
<HR>
<H1><A NAME="SYNOPSIS">SYNOPSIS</A></H1>
<P>
<STRONG>checkvpw</STRONG> <STRONG>subprogram</STRONG> [<STRONG>arguments...</STRONG>]

<P>
<HR>
<H1><A NAME="DESCRIPTION">DESCRIPTION</A></H1>
<P>
This program is a drop-in replacement for the standard checkpassword,
written by D. J. Bernstein (<A
HREF="mailto:djb@pobox.com">djb@pobox.com</A>). In the absence of virtual
hosting (determined by the use of
<EM>/var/qmail/control/virtualdomains</EM> and IP aliases), it behaves identically to checkpassword. When virtual
hosting is used, it permits logins from a unique set of users for each of
the aliases.

<P>
<EM>checkvpw</EM> must be run from either the <EM>tcp-env</EM> program (part of the <EM>qmail</EM>
package) or from a suitable substitute, such as <EM>tcpserver</EM>
(part of the <EM>ucspi-tcp</EM> package). These packages are used to determine to which address a remote
host is connecting.
<EM>checkvpw</EM> must also be passed the checkpassword-compatible authentication data on
file descriptor three. This can be accomplished by running it from a tool
such as
<EM>qmail-popup</EM>.

<P>
<EM>checkvpw</EM> accepts a command line in the following format:

<P>
<PRE> checkvpw [subprogram] [arguments...]
</PRE>
<P>
If the authentication information is valid, the subprogram is run;
otherwise <EM>checkvpw</EM> returns an error to the program that invokes it.

<P>
If the user name contains the character <CODE>@</CODE>, the host name reported by <EM>tcp-env</EM> is replaced by the string following the
<CODE>@</CODE>, and the user name is replaced by the string preceding the
<CODE>@</CODE>. If the local host name reported by <EM>tcp-env</EM> matches one of those in <EM>/var/qmail/control/virtualdomains</EM>, <EM>checkvpw</EM> prepends the
<EM>prepend</EM> string associated with the host name to the given user name. Wildcards in <EM>virtualdomains</EM> are permitted and are handled in the same way <EM>qmail</EM> handles them (see <EM>qmail-send</EM>). For example, if the line <CODE>.bar.com:bar</CODE> appears in the virtual hosts file, it matches <CODE>one.two.bar.com</CODE> but not <CODE>bar.com</CODE>.

<P>
If the user name resulting from the above step appears in the system
password file (typically <EM>/etc/passwd</EM>), the user is treated as a local user and authenticated with the
information from that file. If this authentication succeeds, the mail
directory is set to the subdirectory named on the command line. If the user
name does not appear in the system password file and is of the form <CODE>name-ext</CODE> where <CODE>name</CODE> does appear in the password file, the user is treated as a ``virtual'' user
and authenticated with the information from a file named <EM>passwd</EM> in the user's home directory. If this authentication succeeds, the mail
directory is set to the subdirectory <EM>users/ext/</EM> in the user's home directory, where
<CODE>ext</CODE> is from the above step.
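
<P>
The lookup rules described above, modelled in Python as an added example; this is not checkvpw's own code, and it resolves the account and mail directory without checking any password. The sample tables, the "-" joiner between the prepend string and the user name, splitting at the first @, trying the longest name first, and the rejection of path-like ext values are assumptions of the example.

```python
import posixpath

# Constructed sample data, not taken from the page.
VDOMAINS = {".bar.com": "bar", "mail.example.org": "exorg"}   # virtualdomains lines
PASSWD = {"alice": "/home/alice", "bar": "/home/bar", "exorg": "/home/exorg"}

def match_virtualdomain(host, vdomains):
    """Return the prepend string for host, or None if it is not virtual.
    An exact entry wins; otherwise try each suffix that starts at a dot."""
    host = host.lower()
    if host in vdomains:
        return vdomains[host]
    for i, ch in enumerate(host):
        if ch == "." and host[i:] in vdomains:
            return vdomains[host[i:]]
    return None

def resolve(login, tcplocalhost, vdomains, passwd, maildir_arg="Maildir/"):
    """Map a login to (kind, system_user, maildir), or None if unknown."""
    user, host = login, tcplocalhost
    if "@" in login:
        # Assumption: split at the first "@"; the page does not say which.
        user, _, host = login.partition("@")
    prepend = match_virtualdomain(host, vdomains)
    if prepend is not None:
        user = prepend + "-" + user   # assumption: joined with "-" as in qmail
    if user in passwd:
        return ("local", user, posixpath.join(passwd[user], maildir_arg))
    # name-ext form. Assumption: the longest matching name is tried first.
    for i in range(len(user) - 1, 0, -1):
        if user[i] == "-" and user[:i] in passwd:
            name, ext = user[:i], user[i + 1:]
            # Added precaution (not documented on the page): ext becomes a
            # path component, so refuse empty, dot-leading or slash-bearing values.
            if not ext or "/" in ext or ext.startswith("."):
                return None
            return ("virtual", name, posixpath.join(passwd[name], "users", ext) + "/")
    return None
```

Because the part after the @ replaces the host name from <EM>tcp-env</EM>, the virtual domain is chosen by the client whenever a login contains an @, independent of the address it connected to.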

<P>
<EM>checkvpw</EM> also does some rewriting on the arguments of the subprogram. Any argument
matching the string ``<CODE>maildir</CODE>'' (ignoring case) is replaced with the full path of the mail directory, as
determined by the steps above.

<P>
This program may be invoked in combination with <EM>qmail-popup</EM> and
<EM>qmail-pop3d</EM> from inetd by placing the following line in the
<EM>/etc/inetd.conf</EM> configuration file (all one line):

<P>
<PRE> pop-3 stream tcp nowait root /var/qmail/bin/tcp-env tcp-env -R /var/qmail/bin/qmail-popup &lt;hostname&gt; /usr/bin/checkvpw /var/qmail/bin/qmail-pop3d Maildir/
</PRE>
<P>
<HR>
<H1><A NAME="RETURN_VALUE">RETURN VALUE</A></H1>
<P>
0 if the user is successfully authenticated, nonzero if any error occurred.
Exit code 1 indicates that a bad password was given, 2 indicates that the
program was used incorrectly, and 111 indicates a temporary failure.

<P>
<HR>
<H1><A NAME="ENVIRONMENT">ENVIRONMENT</A></H1>
<P>
<EM>checkvpw</EM> requires that <CODE>TCPLOCALHOST</CODE> be set to the host name of the local address of the connection.

<P>
<HR>
<H1><A NAME="SEE_ALSO">SEE ALSO</A></H1>
<P>
<CODE>vdeliver(1)</CODE>

<P>
<HR>
<H1><A NAME="AUTHOR">AUTHOR</A></H1>
<P>
Bruce Guenter &lt;<EM>bruceg@em.ca</EM>&gt;.

</BODY>

</HTML>