GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  CMD5CHECKPW (8)

NAME

cmd5checkpw - check a cram-md5 authentication

CONTENTS

Synopsis
Description

SYNOPSIS

cmd5checkpw subprogram [ args ... ]

DESCRIPTION

cmd5checkpw reads descriptor 3 through end of file and then closes descriptor 3. There must be at most 512 bytes of data before end of file.

The information supplied on descriptor 3 is a login name terminated by \0, a cram-md5 challenge terminated by \0, and a cram-md5 response terminated by \0.

cmd5checkpw encrypts the challenge with keyed MD5 using passwords from /etc/poppasswd. It’s compared with response (3rd parameter) and if they are the same then cmd5checkpw uses execvp to run subprogram with the given arguments. If they differ then it returns -1.

If challenge and response differ, cmd5checkpw exits 1. If cmd5checkpw is misused, it may instead exit 2. If there is a temporary problem checking the password, cmd5checkpw exits 111.

cmd5checkpw also tries to compare the supplied password with the password in the /etc/poppasswd file so it can be used as a plain-text checkpassword for PLAIN & LOGIN authtype (but we recommend using a crypted version for security reasons). To use it, simply provide it with clear text password as a challenge.

CHECKPASSWORD-COMPATIBLE TOOLS

cmd5checkpw tries to conform to the checkpassword interface. There are other tools that offer the same interface as checkpassword. Applications that use checkpassword are encouraged to take the checkpassword name as an argument, so that they can be used with different checkpassword-compatible tools.

Note that these tools do not follow the getopt interface. Optional features are controlled through (1) the tool name and (2) environment variables.

PROCESS-STATE CHANGES

Before invoking subprogram, cmd5checkpw does not set up anything. Just because users from /etc/poppasswd does not have to exist in the system so setting their uid,gid etc is not possible.

Other checkpassword-compatible tools may make different changes to the process state. These effects must be documented; applications will differ in their requirements.

FILES

/etc/poppasswd - this file contains pairs of logins and clear text passwords separated by ":". It looks like this:

login1:password1
login2:password2

Best way to protect it is to make it readable only for one specific user different than you normal system users and make cmd5checkpw suid that user.

VERSION

This documentation describes cmd5checkpw version 0.20. See http://www.elysium.pl/members/brush/cmd5checkpw/ for updates.

SEE ALSO

checkpassword(8)
Search for    or go to Top of page |  Section 8 |  Main Index


CMD5CHECKPW (8) -->

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.