courierpassd(8) [debian man page]

COURIERPASSD(8) 						  Authentication						   COURIERPASSD(8)

NAME
       courierpassd - change passwords from across the network using the Courier authentication library

SYNOPSIS
       courierpassd [-hV] [-s SERVICE] [--stderr]
       courierpassd -s, --service SERVICE
       courierpassd --stderr
       courierpassd -h, --help
       courierpassd -V, --version

DESCRIPTION
       courierpassd allows users to change their passwords from remote locations using the Courier authentication library. Usernames can be up to 64 characters long while passwords can be up to 128 characters long.

       courierpassd uses the poppassd protocol for obtaining authentication tokens from the network.

       courierpassd is intended to be run from a super-server such as tcpserver or xinetd.

       The service specified by the -s switch will depend on the particular authentication modules installed. Often 'login' will be appropriate but other possibilities include 'imap' and 'pop3'. This value defaults to 'login'. See the Courier documentation for a further explanation of this switch.

       The minimum uid that courierpassd will attempt to change a password for can be set at compile time using the configure option --with-minuid. courierpassd will refuse to change the password of a user whose uid is below this value. The default value is 100. This value should never be set to 0 as this would allow root's password to be changed from a remote location.

       A second configure option, --with-badpassdelay, can be used to set the delay in seconds that courierpassd sleeps after an unsuccessful password change attempt. This feature is designed to make brute force attacks against passwords harder to perform. The default value is 3.

LOGGING
       Logging is done to syslog by default or to stderr if the --stderr switch is used. courierpassd logs all password change attempts whether they are successful or not.

       courierpassd does certain checks on command line arguments, so if --stderr is to be used it is important to put it first in the argument list in order for these checks to be logged properly.

EXAMPLE CLIENT-SERVER CONVERSATION
       All messages passed between server and client are text based, allowing a client session to be easily mimicked with telnet. Using telnet, changing a user's password would look like this:

              Connected to localhost.localdomain (127.0.0.1).
              Escape character is '^]'.
              200 courierpassd 1.1.2 hello, who are you?
              user <username>
              200 Your password please.
              pass <current password>
              200 Your new password please.
              newpass <new password>
              200 Password changed, thank-you.
              quit
              200 Bye.
              Connection closed by foreign host.

BUGS
       If you've found a bug in courierpassd, please report it to freeware@arda.homeunix.net

SEE ALSO
       http://www.courier-mta.org/authlib/
       http://echelon.pl/pubs/poppassd.html

AUTHOR
       courierpassd was written by Andrew St. Jean
       Courier authentication library was written by Sam Varshavchik
       poppassd was written by Pawel Krawczyk based on an earlier version written by John Norstad, Roy Smith and Daniel L. Leavitt

GNU/Linux                            20 Jan 2005                            COURIERPASSD(8)
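
The dialogue shown under EXAMPLE CLIENT-SERVER CONVERSATION, as an added example (not part of the man page or of courierpassd): a Python client that drives the same exchange, enforces the documented 64/128 character limits, and stops at the first reply that is not 200, run against a constructed in-process stand-in server. Treating a non-200 reply as failure, the CRLF line ending, the failure reply text and the sample names are assumptions.

```python
import socket
import threading
MAX_USER, MAX_PASS = 64, 128  # length limits stated in DESCRIPTION
# Constructed scripts: replies from the page's sample session plus a made-up failure.
OK_SCRIPT = [b"200 courierpassd 1.1.2 hello, who are you?\r\n",
             b"200 Your password please.\r\n", b"200 Your new password please.\r\n",
             b"200 Password changed, thank-you.\r\n", b"200 Bye.\r\n"]
BAD_SCRIPT = OK_SCRIPT[:2] + [b"500 constructed failure reply\r\n"]

class PasswdError(Exception):
    """Reply did not start with 200 (assumed failure signal; the page shows only 200s)."""

def expect_ok(rfile):
    line = rfile.readline().decode("ascii", "replace").rstrip("\r\n")
    if not line.startswith("200"):
        raise PasswdError(line or "connection closed")
    return line

def change_password(sock, user, old, new):
    """Drive the user/pass/newpass/quit dialogue; return the server replies."""
    if len(user) > MAX_USER or max(len(old), len(new)) > MAX_PASS:
        raise ValueError("username or password exceeds the documented limits")
    if any(c in s for s in (user, old, new) for c in "\r\n"):
        raise ValueError("line break would smuggle an extra protocol line")
    with sock.makefile("rb") as rfile:
        replies = [expect_ok(rfile)]  # greeting
        for line in (f"user {user}", f"pass {old}", f"newpass {new}", "quit"):
            sock.sendall(line.encode() + b"\r\n")  # CRLF, as telnet sends (assumption)
            replies.append(expect_ok(rfile))
    return replies

def fake_server(sock, script):
    """Stand-in for courierpassd: greeting, then one scripted reply per line read."""
    with sock, sock.makefile("rb") as rfile:
        sock.sendall(script[0])
        for reply in script[1:]:
            if not rfile.readline():
                break
            sock.sendall(reply)

def run_demo(script, user="alice", old="old-secret", new="new-secret"):
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_server, args=(server, script))
    worker.start()
    try:
        return change_password(client, user, old, new)
    finally:
        client.close()
        worker.join()
```

Every line of the exchange, both passwords included, crosses the connection as plain text, so the listener the super-server opens for courierpassd is worth restricting to loopback or a protected channel.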

pam_chauthtok(3)					     Library Functions Manual						  pam_chauthtok(3)

NAME
       pam_chauthtok - perform password related functions within the PAM framework

SYNOPSIS
       [ flag ... ] file ... [ library ... ]

DESCRIPTION
       is called to change the authentication token associated with a particular user referenced by the authentication handle, pamh.

       The following flag may be passed in to The password service should not generate any messages. The password service should only update those passwords that have aged. If this flag is not passed, all password services should update their passwords.

       Upon successful completion of the call, the authentication token of the user will be changed in accordance with the password service configured in the system through pam.conf(4).

   Notes
       The flag is typically used by a application which has determined that the user's password has aged or expired. Before allowing the user to login, the application may invoke with this flag to allow the user to update the password. Typically applications such as passwd(1) should not use this flag.

       performs a preliminary check before attempting to update passwords. This check is performed for each password module in the stack as listed in pam.conf(4). The check may include pinging remote name services to determine if they are available. If returns then the check has failed, and passwords are not updated.

APPLICATION USAGE
       Refer to pam(3) for information on thread-safety of PAM interfaces.

RETURN VALUE
       Upon successful completion, is returned. In addition to the error return values described in pam(3), the following values may be returned:

              No permission.
              Authentication token manipulation error.
              Authentication information cannot be recovered.
              Authentication token lock busy.
              Authentication token aging disabled.
              User unknown to password service.
              Preliminary check by password service failed.

SEE ALSO
       pam(3), pam_start(3), pam_authenticate(3).

                                                                            pam_chauthtok(3)