Mercurial Mercurial > vmailmgr / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
authenticate/checkvpw.html
changeset 2 b3afb9f1e801
parent 0 6f7a81934006
equal deleted inserted replaced
1:30113bfbe723 2:b3afb9f1e801 
     1 <HTML>
 
     1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 
     2 <HEAD>
 
     2 <html xmlns="http://www.w3.org/1999/xhtml">
 
     3 <TITLE>checkvpw - check passwords for virtual and non-virtual users</TITLE>
 
     3 <head>
 
     4 <LINK REV="made" HREF="mailto:root@porky.devel.redhat.com">
 
     4 <title>checkvpw - check passwords for virtual and non-virtual users</title>
 
     5 </HEAD>
 
     5 <link rev="made" href="mailto:Gentoo@lorien.untroubled.org" />
 
       
     6 </head>
 
     6 
     7 
     7 <BODY>
 
     8 <body style="background-color: white">
 
     8 
     9 
       
    10 <p><a name="__index__"></a></p>
 
     9 <!-- INDEX BEGIN -->
 
    11 <!-- INDEX BEGIN -->
 
    10 <!--
 
    12 <!--
 
    11 
    13 
    12 <UL>
 
    14 <ul>
 
    13 
    15 
    14 	<LI><A HREF="#NAME">NAME</A>
 
    16 	<li><a href="#name">NAME</a></li>
 
    15 	<LI><A HREF="#SYNOPSIS">SYNOPSIS</A>
 
    17 	<li><a href="#synopsis">SYNOPSIS</a></li>
 
    16 	<LI><A HREF="#DESCRIPTION">DESCRIPTION</A>
 
    18 	<li><a href="#description">DESCRIPTION</a></li>
 
    17 	<LI><A HREF="#RETURN_VALUE">RETURN VALUE</A>
 
    19 	<li><a href="#return_value">RETURN VALUE</a></li>
 
    18 	<LI><A HREF="#ENVIRONMENT">ENVIRONMENT</A>
 
    20 	<li><a href="#environment">ENVIRONMENT</a></li>
 
    19 	<LI><A HREF="#SEE_ALSO">SEE ALSO</A>
 
    21 	<li><a href="#see_also">SEE ALSO</a></li>
 
    20 	<LI><A HREF="#AUTHOR">AUTHOR</A>
 
    22 	<li><a href="#author">AUTHOR</a></li>
 
    21 </UL>
 
    23 </ul>
 
    22 -->
 
    24 -->
 
    23 <!-- INDEX END -->
 
    25 <!-- INDEX END -->
 
    24 
    26 
    25 <P>
 
    27 <p>
 
    26 <H1><A NAME="NAME">NAME</A></H1>
 
    28 </p>
 
    27 <P>
 
    29 <h1><a name="name">NAME</a></h1>
 
    28 checkvpw - check passwords for virtual and non-virtual users
 
    30 <p>checkvpw - check passwords for virtual and non-virtual users</p>
 
       
    31 <p>
 
       
    32 </p>
 
       
    33 <hr />
 
       
    34 <h1><a name="synopsis">SYNOPSIS</a></h1>
 
       
    35 <p><strong>checkvpw</strong> <strong>subprogram</strong> [<strong>arguments...</strong>]</p>
 
       
    36 <p>
 
       
    37 </p>
 
       
    38 <hr />
 
       
    39 <h1><a name="description">DESCRIPTION</a></h1>
 
       
    40 <p>This program is a drop-in replacement for the standard checkpassword,
 
       
    41 written by D. J. Bernstein (<a href="mailto:djb@pobox.com">djb@pobox.com</a>)
 
       
    42 In the absence of virtual hosting (determined by the use of
 
       
    43 <em>/var/qmail/control/virtualdomainss</em> and IP aliases),
 
       
    44 it behaves identically to checkpassword.
 
       
    45 When virtual hosting is used, it permits logins from a unique set of
 
       
    46 users for each of the aliases.</p>
 
       
    47 <p><em>checkvpw</em> must be run from either the <em>tcp-env</em> program
 
       
    48 (part of the <em>qmail</em>
 
       
    49 package) or from a suitable substitute, such as <em>tcpserver</em>
 
       
    50 (part of the <em>ucspi-tcp</em> package).
 
       
    51 These packages are used to determine to
 
       
    52 which address a remote host is connecting.
 
       
    53 <em>checkvpw</em> must also be passed the checkpassword-compatible
 
       
    54 authentication data on file descriptor three.
 
       
    55 This can be accomplished by running it from a tool such as
 
       
    56 <em>qmail-popup</em>.</p>
 
       
    57 <p><em>checkvpw</em> accepts a command line in the following format:</p>
 
       
    58 <pre>
 
       
    59         checkvpw [subprogram] [arguments...]</pre>
 
       
    60 <p>If the authentication information is valid, the subprogram is run,
 
       
    61 otherwise <em>checkvpw</em> returns an error to the program that invokes it.</p>
 
       
    62 <p>If the user name contains the character <code>@</code>, the host name
 
       
    63 reported by <em>tcp-env</em> is replaced by the string following the
 
       
    64 <code>@</code>, and the user name is replaced by the string preceding the
 
       
    65 <code>@</code>.
 
       
    66 If the local host name reported by <em>tcp-env</em> matches one of those
 
       
    67 in <em>/var/qmail/control/virtualdomains</em>, <em>checkvpw</em> prepends the
 
       
    68 <em>prepend</em> string associated with the host name to the given user
 
       
    69 name.
 
       
    70 Wildcards in <em>virtualdomains</em> are permitted and are handled in the
 
       
    71 same way <em>qmail</em> handles them (see <em>qmail-send</em>).
 
       
    72 For example, if the line <code>.bar.com:bar</code> appears in the virtual hosts
 
       
    73 file, it matches <code>one.two.bar.com</code> but not <code>bar.com</code>.</p>
 
       
    74 <p>If the user name resulting from the above step appears in the system
 
       
    75 password file (typically <em>/etc/passwd</em>), the user is treated as a
 
       
    76 local user and authenticated with the information from that file.
 
       
    77 If this authentication succeeds, the mail directory is set to the
 
       
    78 subdirectory named on the command line.
 
       
    79 If the user name does not appear in the system password file and is of
 
       
    80 the form <code>name-ext</code> where <code>name</code> does appear in the password
 
       
    81 file, the user is treated as a ``virtual'' user and authenticated with the
 
       
    82 information from a file named <em>passwd</em> in the user's home directory.
 
       
    83 If this authentication succeeds, the mail directory is set to the
 
       
    84 subdirectory <em>users/ext/</em> in the user's home directory, where
 
       
    85 <code>ext</code> is from the above step.</p>
 
       
    86 <p><em>checkvpw</em> also does some rewriting on the arguments of the
 
       
    87 subprogram.
 
       
    88 Any argument matching the string ``<code>maildir</code>'' (ignoring case) is
 
       
    89 replaced with the full path of the mail directory, as determined by the
 
       
    90 steps above.</p>
 
       
    91 <p>This program may be invoked in combination with <em>qmail-popup</em> and
 
       
    92 <em>qmail-pop3d</em> from inetd by placing the following line in the
 
       
    93 <em>/etc/inetd.conf</em> configuration file (all one line):</p>
 
       
    94 <pre>
 
       
    95         pop-3 stream tcp nowait root /var/qmail/bin/tcp-env tcp-env -R /var/qmail/bin/qmail-popup &lt;hostname&gt; /usr/bin/checkvpw /var/qmail/bin/qmail-pop3d Maildir/</pre>
 
       
    96 <p>
 
       
    97 </p>
 
       
    98 <hr />
 
       
    99 <h1><a name="return_value">RETURN VALUE</a></h1>
 
       
   100 <p>0 if the user is successfully authenticated, nonzero if any error
 
       
   101 occurred.  Exit code 1 indicates that a bad password was given, 2
 
       
   102 indicates that the program was used incorrectly, and 111 indicates
 
       
   103 a temporary failure.</p>
 
       
   104 <p>
 
       
   105 </p>
 
       
   106 <hr />
 
       
   107 <h1><a name="environment">ENVIRONMENT</a></h1>
 
       
   108 <p><em>checkvpw</em> requires that <code>TCPLOCALHOST</code> be set to the host name of
 
       
   109 the local address of the connection.</p>
 
       
   110 <p>
 
       
   111 </p>
 
       
   112 <hr />
 
       
   113 <h1><a name="see_also">SEE ALSO</a></h1>
 
       
   114 <p><code>vdeliver(1)</code></p>
 
       
   115 <p>
 
       
   116 </p>
 
       
   117 <hr />
 
       
   118 <h1><a name="author">AUTHOR</a></h1>
 
       
   119 <p>Bruce Guenter &lt;<em><a href="mailto:bruceg@em.ca">bruceg@em.ca</a></em>&gt;.</p>
 
    29 
   120 
    30 <P>
 
   121 </body>
 
    31 <HR>
 
       
    32 <H1><A NAME="SYNOPSIS">SYNOPSIS</A></H1>
 
       
    33 <P>
 
       
    34 <STRONG>checkvpw</STRONG>  <STRONG>subprogram</STRONG> [<STRONG>arguments...</STRONG>]
 
       
    35 
   122 
    36 <P>
 
   123 </html>
 
    37 <HR>
 
       
    38 <H1><A NAME="DESCRIPTION">DESCRIPTION</A></H1>
 
       
    39 <P>
 
       
    40 This program is a drop-in replacement for the standard checkpassword,
 
       
    41 written by D. J. Bernstein (<A
 
       
    42 HREF="mailto:djb@pobox.com">djb@pobox.com</A>) In the absence of virtual
 
       
    43 hosting (determined by the use of
 
       
    44 <EM>/var/qmail/control/virtualdomainss</EM> and IP aliases), it behaves identically to checkpassword. When virtual
 
       
    45 hosting is used, it permits logins from a unique set of users for each of
 
       
    46 the aliases.
 
       
    47 
       
    48 <P>
 
       
    49 <EM>checkvpw</EM> must be run from either the <EM>tcp-env</EM> program (part of the <EM>qmail</EM>
 
       
    50 package) or from a suitable substitute, such as <EM>tcpserver</EM>
 
       
    51 (part of the <EM>ucspi-tcp</EM> package). These packages are used to determine to which address a remote
 
       
    52 host is connecting.
 
       
    53 <EM>checkvpw</EM> must also be passed the checkpassword-compatible authentication data on
 
       
    54 file descriptor three. This can be accomplished by running it from a tool
 
       
    55 such as
 
       
    56 <EM>qmail-popup</EM>.
 
       
    57 
       
    58 <P>
 
       
    59 <EM>checkvpw</EM> accepts a command line in the following format:
 
       
    60 
       
    61 <P>
 
       
    62 <PRE>        checkvpw [subprogram] [arguments...]
 
       
    63 </PRE>
 
       
    64 <P>
 
       
    65 If the authentication information is valid, the subprogram is run,
 
       
    66 otherwise <EM>checkvpw</EM> returns an error to the program that invokes it.
 
       
    67 
       
    68 <P>
 
       
    69 If the user name contains the character <CODE>@</CODE>, the host name reported by <EM>tcp-env</EM> is replaced by the string following the
 
       
    70 <CODE>@</CODE>, and the user name is replaced by the string preceding the
 
       
    71 <CODE>@</CODE>. If the local host name reported by <EM>tcp-env</EM> matches one of those in <EM>/var/qmail/control/virtualdomains</EM>, <EM>checkvpw</EM> prepends the
 
       
    72 <EM>prepend</EM> string associated with the host name to the given user name. Wildcards in <EM>virtualdomains</EM> are permitted and are handled in the same way <EM>qmail</EM> handles them (see <EM>qmail-send</EM>). For example, if the line <CODE>.bar.com:bar</CODE> appears in the virtual hosts file, it matches <CODE>one.two.bar.com</CODE> but not <CODE>bar.com</CODE>.
 
       
    73 
       
    74 <P>
 
       
    75 If the user name resulting from the above step appears in the system
 
       
    76 password file (typically <EM>/etc/passwd</EM>), the user is treated as a local user and authenticated with the
 
       
    77 information from that file. If this authentication succeeds, the mail
 
       
    78 directory is set to the subdirectory named on the command line. If the user
 
       
    79 name does not appear in the system password file and is of the form <CODE>name-ext</CODE> where <CODE>name</CODE> does appear in the password file, the user is treated as a ``virtual'' user
 
       
    80 and authenticated with the information from a file named <EM>passwd</EM> in the user's home directory. If this authentication succeeds, the mail
 
       
    81 directory is set to the subdirectory <EM>users/ext/</EM> in the user's home directory, where
 
       
    82 <CODE>ext</CODE> is from the above step.
 
       
    83 
       
    84 <P>
 
       
    85 <EM>checkvpw</EM> also does some rewriting on the arguments of the subprogram. Any argument
 
       
    86 matching the string ``<CODE>maildir</CODE>'' (ignoring case) is replaced with the full path of the mail directory, as
 
       
    87 determined by the steps above.
 
       
    88 
       
    89 <P>
 
       
    90 This program may be invoked in combination with <EM>qmail-popup</EM> and
 
       
    91 <EM>qmail-pop3d</EM> from inetd by placing the following line in the
 
       
    92 <EM>/etc/inetd.conf</EM> configuration file (all one line):
 
       
    93 
       
    94 <P>
 
       
    95 <PRE>        pop-3 stream tcp nowait root /var/qmail/bin/tcp-env tcp-env -R /var/qmail/bin/qmail-popup &lt;hostname&gt; /usr/bin/checkvpw /var/qmail/bin/qmail-pop3d Maildir/
 
       
    96 </PRE>
 
       
    97 <P>
 
       
    98 <HR>
 
       
    99 <H1><A NAME="RETURN_VALUE">RETURN VALUE</A></H1>
 
       
   100 <P>
 
       
   101 0 if the user is successfully authenticated, nonzero if any error occurred.
 
       
   102 Exit code 1 indicates that a bad password was given, 2 indicates that the
 
       
   103 program was used incorrectly, and 111 indicates a temporary failure.
 
       
   104 
       
   105 <P>
 
       
   106 <HR>
 
       
   107 <H1><A NAME="ENVIRONMENT">ENVIRONMENT</A></H1>
 
       
   108 <P>
 
       
   109 <EM>checkvpw</EM> requires that <CODE>TCPLOCALHOST</CODE> be set to the host name of the local address of the connection.
 
       
   110 
       
   111 <P>
 
       
   112 <HR>
 
       
   113 <H1><A NAME="SEE_ALSO">SEE ALSO</A></H1>
 
       
   114 <P>
 
       
   115 <CODE>vdeliver(1)</CODE>
 
       
   116 
       
   117 <P>
 
       
   118 <HR>
 
       
   119 <H1><A NAME="AUTHOR">AUTHOR</A></H1>
 
       
   120 <P>
 
       
   121 Bruce Guenter &lt;<EM>bruceg@em.ca</EM>&gt;.
 
       
   122 
       
   123 </BODY>
 
       
   124 
       
   125 </HTML>
vmailmgr