Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

userdbpw(8) [debian man page]

USERDBPW(8)						      Double Precision, Inc.						       USERDBPW(8)

NAME

       userdbpw - create an encrypted password

SYNOPSIS

       userdbpw [[-md5] | [-hmac-md5] | [-hmac-sha1]] |userdb {name} set {field}

DESCRIPTION

       userdbpw enables secure entry of encrypted passwords into /etc/courier/userdb.

       userdbpw reads a single line of text on standard input, encrypts it, and prints the encrypted result to standard output.

       If standard input is attached to a terminal device, userdbpw explicitly issues a "Password: " prompt on standard error, and turns off echo
       while the password is entered.

       The -md5 option is available on systems that use MD5-hashed passwords (such as systems that use the current version of the PAM library for
       authenticating, with MD5 passwords enabled). This option creates an MD5 password hash, instead of using the traditional crypt() function.

       -hmac-md5 and -hmac-sha1 options are available only if the userdb library is installed by an application that uses a challenge/response
       authentication mechanism.  -hmac-md5 creates an intermediate HMAC context using the MD5 hash function.  -hmac-sha1 uses the SHA1 hash
       function instead. Whether either HMAC function is actually available depends on the actual application that installs the userdb library.

       Note that even though the result of HMAC hashing looks like an encrypted password, it's really not. HMAC-based challenge/response
       authentication mechanisms require the cleartext password to be available as cleartext. Computing an intermediate HMAC context does scramble
       the cleartext password, however if its compromised, it WILL be possible for an attacker to succesfully authenticate. Therefore,
       applications that use challenge/response authentication will store intermediate HMAC contexts in the "pw" fields in the userdb database,
       which will be compiled into the userdbshadow.dat database, which has group and world permissions turned off. The userdb library also
       requires that the cleartext userdb source for the userdb.dat and userdbshadow.dat databases is also stored with the group and world
       permissions turned off.

       userdbpw is usually used together in a pipe with userdb, which reads from standard input. For example:

	   userdbpw -md5 | userdb users/john set systempw

       or:

	   userdbpw -hmac-md5 | userdb users/john set hmac-md5pw

       These commands set the systempw field in the record for the user john in /etc/courier/userdb/users file, and the hmac-md5pw field. Don't
       forget to run makeuserdb for the change to take effect.

       The following command does the same thing:

	   userdb users/john set systempw=SECRETPASSWORD

       However, this command passes the secret password as an argument to the userdb command, which can be viewed by anyone who happens to run
       ps(1) at the same time. Using userdbpw allows the secret password to be specified in a way that cannot be easily viewed by ps(1).

SEE ALSO

       userdb(8)[1], makeuserdb(8)[2]

NOTES

	1. userdb(8)
	   userdb.html

	2. makeuserdb(8)
	   makeuserdb.html

Double Precision, Inc.						    08/23/2008							       USERDBPW(8)

Check Out this Related Man Page

COURIERPOP3D(8) 					      Double Precision, Inc.						   COURIERPOP3D(8)

NAME

       courierpop3d - The Courier POP3 server

SYNOPSIS

       /usr/sbin/couriertcpd {-nodnslookup} {-stderr=syslog} {110} {/usr/lib/courier/courier/courierpop3login} [modules...]
			     {/usr/lib/courier/courier/courierpop3d} {./Maildir}

DESCRIPTION

       This is a simple POP3 server for Maildirs.

	   Note
	   The couriertcpd, courierpop3login, and courierpop3d modules may be installed elsewhere than indicated here.

       courierpop3login is usually started by couriertcpd. It already expects that a POP3 client is connected to standard input and output,
       presumably via a network socket.  courierpop3login reads the POP3 userid and password, then runs the authentication modules. The remaining
       arguments are passed along as arguments to modules.

       modules is one or more authentication modules (see the authlib(7)[1] manual page).

       Each authentication modules runs the program specified by its first argument, allowing the authentication modules to be chained. The last
       program in the chain is courierpop3d , which provides the actual POP3 service. In accordance with the authentication protocol, as described
       in authlib(7)[1] courierpop3d reads file descriptor 3 to see if the userid/password has been succesfully validated. If not, courierpop3d
       terminates.

       Otherwise, courierpop3d expects to be already running under the appropriate user and group id, with its current directory set to the
       account's home directory.

       The first order of business is to find the account's Maildir. If the environment variable MAILDIR is set, that's where we go. That should
       be the pathname to the account's Maildir. The environment variable MAILDIR may be set by the authentication module. If MAILDIR is not set,
       courierpop3d uses its first argument. Usually, the default maildir is $HOME/Maildir, therefore the first argument to courierpop3d is
       "./Maildir".

SEE ALSO

       authlib(7)[1], userdb(8)[2].

AUTHOR

       Sam Varshavchik
	   Author

NOTES

	1. authlib(7)
	   [set $man.base.url.for.relative.links]/authlib.html

	2. userdb(8)
	   [set $man.base.url.for.relative.links]/userdb.html

Courier Mail Server						    04/04/2011							   COURIERPOP3D(8)
Man Page