|
1 <HTML> |
|
2 <HEAD> |
|
3 <TITLE>checkvpw - check passwords for virtual and non-virtual users</TITLE> |
|
4 <LINK REV="made" HREF="mailto:root@porky.devel.redhat.com"> |
|
5 </HEAD> |
|
6 |
|
7 <BODY> |
|
8 |
|
9 <!-- INDEX BEGIN --> |
|
10 <!-- |
|
11 |
|
12 <UL> |
|
13 |
|
14 <LI><A HREF="#NAME">NAME</A> |
|
15 <LI><A HREF="#SYNOPSIS">SYNOPSIS</A> |
|
16 <LI><A HREF="#DESCRIPTION">DESCRIPTION</A> |
|
17 <LI><A HREF="#RETURN_VALUE">RETURN VALUE</A> |
|
18 <LI><A HREF="#ENVIRONMENT">ENVIRONMENT</A> |
|
19 <LI><A HREF="#SEE_ALSO">SEE ALSO</A> |
|
20 <LI><A HREF="#AUTHOR">AUTHOR</A> |
|
21 </UL> |
|
22 --> |
|
23 <!-- INDEX END --> |
|
24 |
|
25 <P> |
|
26 <H1><A NAME="NAME">NAME</A></H1> |
|
27 <P> |
|
28 checkvpw - check passwords for virtual and non-virtual users |
|
29 |
|
30 <P> |
|
31 <HR> |
|
32 <H1><A NAME="SYNOPSIS">SYNOPSIS</A></H1> |
|
33 <P> |
|
34 <STRONG>checkvpw</STRONG> <STRONG>subprogram</STRONG> [<STRONG>arguments...</STRONG>] |
|
35 |
|
36 <P> |
|
37 <HR> |
|
38 <H1><A NAME="DESCRIPTION">DESCRIPTION</A></H1> |
|
39 <P> |
|
40 This program is a drop-in replacement for the standard checkpassword, |
|
41 written by D. J. Bernstein (<A |
|
42 HREF="mailto:djb@pobox.com">djb@pobox.com</A>) In the absence of virtual |
|
43 hosting (determined by the use of |
|
44 <EM>/var/qmail/control/virtualdomainss</EM> and IP aliases), it behaves identically to checkpassword. When virtual |
|
45 hosting is used, it permits logins from a unique set of users for each of |
|
46 the aliases. |
|
47 |
|
48 <P> |
|
49 <EM>checkvpw</EM> must be run from either the <EM>tcp-env</EM> program (part of the <EM>qmail</EM> |
|
50 package) or from a suitable substitute, such as <EM>tcpserver</EM> |
|
51 (part of the <EM>ucspi-tcp</EM> package). These packages are used to determine to which address a remote |
|
52 host is connecting. |
|
53 <EM>checkvpw</EM> must also be passed the checkpassword-compatible authentication data on |
|
54 file descriptor three. This can be accomplished by running it from a tool |
|
55 such as |
|
56 <EM>qmail-popup</EM>. |
|
57 |
|
58 <P> |
|
59 <EM>checkvpw</EM> accepts a command line in the following format: |
|
60 |
|
61 <P> |
|
62 <PRE> checkvpw [subprogram] [arguments...] |
|
63 </PRE> |
|
64 <P> |
|
65 If the authentication information is valid, the subprogram is run, |
|
66 otherwise <EM>checkvpw</EM> returns an error to the program that invokes it. |
|
67 |
|
68 <P> |
|
69 If the user name contains the character <CODE>@</CODE>, the host name reported by <EM>tcp-env</EM> is replaced by the string following the |
|
70 <CODE>@</CODE>, and the user name is replaced by the string preceding the |
|
71 <CODE>@</CODE>. If the local host name reported by <EM>tcp-env</EM> matches one of those in <EM>/var/qmail/control/virtualdomains</EM>, <EM>checkvpw</EM> prepends the |
|
72 <EM>prepend</EM> string associated with the host name to the given user name. Wildcards in <EM>virtualdomains</EM> are permitted and are handled in the same way <EM>qmail</EM> handles them (see <EM>qmail-send</EM>). For example, if the line <CODE>.bar.com:bar</CODE> appears in the virtual hosts file, it matches <CODE>one.two.bar.com</CODE> but not <CODE>bar.com</CODE>. |
|
73 |
|
74 <P> |
|
75 If the user name resulting from the above step appears in the system |
|
76 password file (typically <EM>/etc/passwd</EM>), the user is treated as a local user and authenticated with the |
|
77 information from that file. If this authentication succeeds, the mail |
|
78 directory is set to the subdirectory named on the command line. If the user |
|
79 name does not appear in the system password file and is of the form <CODE>name-ext</CODE> where <CODE>name</CODE> does appear in the password file, the user is treated as a ``virtual'' user |
|
80 and authenticated with the information from a file named <EM>passwd</EM> in the user's home directory. If this authentication succeeds, the mail |
|
81 directory is set to the subdirectory <EM>users/ext/</EM> in the user's home directory, where |
|
82 <CODE>ext</CODE> is from the above step. |
|
83 |
|
84 <P> |
|
85 <EM>checkvpw</EM> also does some rewriting on the arguments of the subprogram. Any argument |
|
86 matching the string ``<CODE>maildir</CODE>'' (ignoring case) is replaced with the full path of the mail directory, as |
|
87 determined by the steps above. |
|
88 |
|
89 <P> |
|
90 This program may be invoked in combination with <EM>qmail-popup</EM> and |
|
91 <EM>qmail-pop3d</EM> from inetd by placing the following line in the |
|
92 <EM>/etc/inetd.conf</EM> configuration file (all one line): |
|
93 |
|
94 <P> |
|
95 <PRE> pop-3 stream tcp nowait root /var/qmail/bin/tcp-env tcp-env -R /var/qmail/bin/qmail-popup <hostname> /usr/bin/checkvpw /var/qmail/bin/qmail-pop3d Maildir/ |
|
96 </PRE> |
|
97 <P> |
|
98 <HR> |
|
99 <H1><A NAME="RETURN_VALUE">RETURN VALUE</A></H1> |
|
100 <P> |
|
101 0 if the user is successfully authenticated, nonzero if any error occurred. |
|
102 Exit code 1 indicates that a bad password was given, 2 indicates that the |
|
103 program was used incorrectly, and 111 indicates a temporary failure. |
|
104 |
|
105 <P> |
|
106 <HR> |
|
107 <H1><A NAME="ENVIRONMENT">ENVIRONMENT</A></H1> |
|
108 <P> |
|
109 <EM>checkvpw</EM> requires that <CODE>TCPLOCALHOST</CODE> be set to the host name of the local address of the connection. |
|
110 |
|
111 <P> |
|
112 <HR> |
|
113 <H1><A NAME="SEE_ALSO">SEE ALSO</A></H1> |
|
114 <P> |
|
115 <CODE>vdeliver(1)</CODE> |
|
116 |
|
117 <P> |
|
118 <HR> |
|
119 <H1><A NAME="AUTHOR">AUTHOR</A></H1> |
|
120 <P> |
|
121 Bruce Guenter <<EM>bruceg@em.ca</EM>>. |
|
122 |
|
123 </BODY> |
|
124 |
|
125 </HTML> |