Mercurial Mercurial > vmailmgr / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
authenticate/checkvpw.html
author "Tomas Zeman <tzeman@volny.cz>"
Sun, 20 Jan 2008 00:22:25 +0100
changeset 3 3d1d327cfa68
parent 2 b3afb9f1e801
permissions -rw-r--r--
vmailmgr-0.97

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>checkvpw - check passwords for virtual and non-virtual users</title>
<link rev="made" href="mailto:Gentoo@lorien.untroubled.org" />
</head>

<body style="background-color: white">

<p><a name="__index__"></a></p>
<!-- INDEX BEGIN -->
<!--

<ul>

	<li><a href="#name">NAME</a></li>
	<li><a href="#synopsis">SYNOPSIS</a></li>
	<li><a href="#description">DESCRIPTION</a></li>
	<li><a href="#return_value">RETURN VALUE</a></li>
	<li><a href="#environment">ENVIRONMENT</a></li>
	<li><a href="#see_also">SEE ALSO</a></li>
	<li><a href="#author">AUTHOR</a></li>
</ul>
-->
<!-- INDEX END -->

<p>
</p>
<h1><a name="name">NAME</a></h1>
<p>checkvpw - check passwords for virtual and non-virtual users</p>
<p>
</p>
<hr />
<h1><a name="synopsis">SYNOPSIS</a></h1>
<p><strong>checkvpw</strong> <strong>subprogram</strong> [<strong>arguments...</strong>]</p>
<p>
</p>
<hr />
<h1><a name="description">DESCRIPTION</a></h1>
<p>This program is a drop-in replacement for the standard checkpassword,
written by D. J. Bernstein (<a href="mailto:djb@pobox.com">djb@pobox.com</a>)
In the absence of virtual hosting (determined by the use of
<em>/var/qmail/control/virtualdomainss</em> and IP aliases),
it behaves identically to checkpassword.
When virtual hosting is used, it permits logins from a unique set of
users for each of the aliases.</p>
<p><em>checkvpw</em> must be run from either the <em>tcp-env</em> program
(part of the <em>qmail</em>
package) or from a suitable substitute, such as <em>tcpserver</em>
(part of the <em>ucspi-tcp</em> package).
These packages are used to determine to
which address a remote host is connecting.
<em>checkvpw</em> must also be passed the checkpassword-compatible
authentication data on file descriptor three.
This can be accomplished by running it from a tool such as
<em>qmail-popup</em>.</p>
<p><em>checkvpw</em> accepts a command line in the following format:</p>
<pre>
        checkvpw [subprogram] [arguments...]</pre>
<p>If the authentication information is valid, the subprogram is run,
otherwise <em>checkvpw</em> returns an error to the program that invokes it.</p>
<p>If the user name contains the character <code>@</code>, the host name
reported by <em>tcp-env</em> is replaced by the string following the
<code>@</code>, and the user name is replaced by the string preceding the
<code>@</code>.
If the local host name reported by <em>tcp-env</em> matches one of those
in <em>/var/qmail/control/virtualdomains</em>, <em>checkvpw</em> prepends the
<em>prepend</em> string associated with the host name to the given user
name.
Wildcards in <em>virtualdomains</em> are permitted and are handled in the
same way <em>qmail</em> handles them (see <em>qmail-send</em>).
For example, if the line <code>.bar.com:bar</code> appears in the virtual hosts
file, it matches <code>one.two.bar.com</code> but not <code>bar.com</code>.</p>
<p>If the user name resulting from the above step appears in the system
password file (typically <em>/etc/passwd</em>), the user is treated as a
local user and authenticated with the information from that file.
If this authentication succeeds, the mail directory is set to the
subdirectory named on the command line.
If the user name does not appear in the system password file and is of
the form <code>name-ext</code> where <code>name</code> does appear in the password
file, the user is treated as a ``virtual'' user and authenticated with the
information from a file named <em>passwd</em> in the user's home directory.
If this authentication succeeds, the mail directory is set to the
subdirectory <em>users/ext/</em> in the user's home directory, where
<code>ext</code> is from the above step.</p>
<p><em>checkvpw</em> also does some rewriting on the arguments of the
subprogram.
Any argument matching the string ``<code>maildir</code>'' (ignoring case) is
replaced with the full path of the mail directory, as determined by the
steps above.</p>
<p>This program may be invoked in combination with <em>qmail-popup</em> and
<em>qmail-pop3d</em> from inetd by placing the following line in the
<em>/etc/inetd.conf</em> configuration file (all one line):</p>
<pre>
        pop-3 stream tcp nowait root /var/qmail/bin/tcp-env tcp-env -R /var/qmail/bin/qmail-popup &lt;hostname&gt; /usr/bin/checkvpw /var/qmail/bin/qmail-pop3d Maildir/</pre>
<p>
</p>
<hr />
<h1><a name="return_value">RETURN VALUE</a></h1>
<p>0 if the user is successfully authenticated, nonzero if any error
occurred.  Exit code 1 indicates that a bad password was given, 2
indicates that the program was used incorrectly, and 111 indicates
a temporary failure.</p>
<p>
</p>
<hr />
<h1><a name="environment">ENVIRONMENT</a></h1>
<p><em>checkvpw</em> requires that <code>TCPLOCALHOST</code> be set to the host name of
the local address of the connection.</p>
<p>
</p>
<hr />
<h1><a name="see_also">SEE ALSO</a></h1>
<p><code>vdeliver(1)</code></p>
<p>
</p>
<hr />
<h1><a name="author">AUTHOR</a></h1>
<p>Bruce Guenter &lt;<em><a href="mailto:bruceg@em.ca">bruceg@em.ca</a></em>&gt;.</p>

</body>

</html>
vmailmgr