GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  COURIERPASSWD (8)

NAME

couirerpasswd - Authenticate users and change passwords using the Courier authentication library

CONTENTS

SYNOPSIS

courierpasswd [-chvV] [-s SERVICE] [-C CRAMTYPE] [--stdin] [--stderr] [prog...]

courierpasswd -s, --service SERVICE

courierpasswd -c, --changepwd

courierpasswd -C, --cramtype CRAMTYPE

courierpasswd -h, --help

courierpasswd -V, --version

Additional options (see below):


        [-v, --verbose] [--stdin] [--stderr]

DESCRIPTION

courierpasswd uses courier authentication modules to authenticate users and to change their passwords. Using the --changepwd option will change a user’s password, otherwise the user will be authenticated. The password changing functionality is not available for users authenticated with CRAM.

courierpasswd uses the checkpassword protocol for obtaining authentication tokens from either file descriptor 3 or from stdin (see below). checkpassword style programs are usually run by network server programs that wish to authenticate remote users.

The service to use with courierpasswd will depend on the specific authentication modules installed. Often ’login’ will be appropriate but other possibilities include ’imap’ and ’pop3’. This value defaults to ’login’. See the Courier documentation for a further explanation of this option.

When authenticating users with CRAM, courierpasswd’s --cramtypeoptioncanbeusedtospecifytheCRAMtype.Validchoicesfor --cramtypeare’md5’,’sha1’and’sha256’.Ifnotspecified,CRAMtype defaults to md5. Passwords cannot be changed when the --cramtypeoptionisusedwithcourierpasswd.Ifboththe --changepwd and --cramtypeoptionsarepresent,the --cramtypeoptionwillbeignored.

LOGGING

courierpasswd logs attempts to authenticate users and change passwords, successful or not, to syslog or to stderr if the --stderr option is used.

courierpasswd does certain checks on command line arguments so it is important to put --stderrfirstintheargumentlistifitistobeused in order for these checks to be logged properly.

DEBUGGING

You can turn on verbose output using the -v or --verbose option. courierpasswd starts to log all of its actions and the results of those actions to stderr.

There is a way to manually trace how the courierpasswd changes passwords: use the --stdin and --stderr options. With these options courierpasswd reads authentication tokens from stdin, and logs actions to stderr. You can trace the activity of courierpasswd when authenticating a user with the following command:

$ echo -e "username\0oldpassword\0" \
| courierpasswd --stderr --stdin --verbose

or when using CRAM:

$ echo -e "username\0challenge\0response\0" \
| courierpasswd --stderr --stdin --verbose --cramtype sha1

or when changing a password with this command:

$ echo -e "username\0oldpassword\0newpassword\0" \
| courierpasswd --stderr --stdin --verbose --changepwd

These commands fail if either password begins with a number. In such a case, the echo command can be replaced with either of the following statements when authenticating a user. Which one is chosen will depend on the scripting language available.

$ python -c ’print "%s\0%s\0" % \
("username","oldpassword")’

or

$ perl -e ’printf "%s\0%s\0","username","oldpassword"’

When changing a password, use one of these two commands:

$ python -c ’print "%s\0%s\0%s\0" % \
("username","oldpassword","newpassword")’

or

$ perl -e ’printf "%s\0%s\0%s\0","username", \
"oldpassword","newpassword"’

BUGS

If you’ve found a bug in courierpasswd, please report it to freeware@arda.homeunix.net

SEE ALSO

http://cr.yp.to/checkpwd.html

http://www.courier-mta.org/authlib/

AUTHOR

courierpasswd was written by Andrew St. Jean

checkpassword interface was designed by Daniel J. Bernstein.

Courier authentication library was written by Sam Varshavchik

Search for    or go to Top of page |  Section 8 |  Main Index


GNU/Linux COURIERPASSWD (8) 20 Jan 2005

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.