Unix/Linux Go Back    

RedHat 9 (Linux i386) - man page for ckpasswd (redhat section 1)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

CKPASSWD(1)			    InterNetNews Documentation			      CKPASSWD(1)

       ckpasswd - nnrpd password authenticator

       ckpasswd [-s] [-d database] [-f filename]

       ckpasswd is the basic password authenticator for nnrpd, suitable for being run from an
       auth stanza in readers.conf(5).	See readers.conf(5) for more information on how to con-
       figure an nnrpd authenticator.

       ckpasswd accepts a username and password from nnrpd and tells nnrpd(8) whether that's the
       correct password for that username.  By default, when given no arguments, it checks the
       password against the password field returned by getpwnam(3).  Note that these days most
       systems no longer make real passwords available via getpwnam(3) (some still do if and only
       if the program calling getpwnam(3) is running as root).

       Note that ckpasswd expects all passwords to be stored encrypted by the system crypt(3)
       function and calls crypt(3) on the supplied password before comparing it to the expected

       -d database
	   Read passwords from a database (ndbm or dbm format depending on what your system has)
	   rather than by using getpwnam(3).  ckpasswd expects database.dir and database.pag to
	   exist and to be a database keyed by username with the encrypted passwords as the val-

	   While INN doesn't come with a program intended specifically to create such databases,
	   on most systems it's fairly easy to write a Perl script to do so.  Something like:

	       use NDBM_File;
	       use Fcntl;
	       tie (%db, 'NDBM_File', '/path/to/database', O_RDWR | O_CREAT, 0640)
		   or die "Cannot open /path/to/database: $!\n";
	       $| = 1;
	       print "Username: ";
	       my $user = <STDIN>;
	       chomp $user;
	       print "Password: ";
	       my $passwd = <STDIN>;
	       chomp $passwd;
	       my @alphabet = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');
	       my $salt = join '', @alphabet[rand 64, rand 64];
	       $db{$user} = crypt ($passwd, $salt);
	       untie %db;

	   Note that this will echo back the password when typed; there are obvious improvements
	   that could be made to this, but it should be a reasonable start.

	   This option will not be available on systems without dbm or ndbm libraries.

       -f filename
	   Read passwords from the given file rather than using getpwnam(3).  The file is
	   expected to be formatted like a system password file, at leat vaguely.  That means
	   each line should look something like:


	   (and each line may have an additional colon after the encrypted password and addi-
	   tional data; that data will be ignored by ckpasswd).  INN does not come with a utility
	   to create the encrypted passwords, but it's a quick job with Perl (see the example
	   script under -d).

       -s  Check passwords against the result of getspnam(3) instead of getpwnam(3).  This func-
	   tion, on those systems that supports it, reads from /etc/shadow or similar more
	   restricted files.  If you want to check passwords supplied to nnrpd(8) against system
	   account passwords, you will probably have to use this option on most systems.

	   Most systems require special privileges to call getspnam(3), so in order to use this
	   option you may need to make ckpasswd setgid to some group (like group "shadow") or
	   even setuid root.  ckpasswd has not been specifically audited for such uses!  It is,
	   however, a very small program that you should be able to check by hand for security.

	   This configuration is not recommended if it can be avoided, since the NNTP protocol
	   has no way of protecting passwords from casual interception, and using system pass-
	   words to authenticate NNTP connections therefore opens you up to the risk of password
	   sniffing.  If you do use system passwords to authenticate connections, you should
	   seriously consider only doing NNTP through ssh tunnels or over SSL.

       See readers.conf(5) for examples of nnrpd(8) authentication configuration that uses
       ckpasswd to check passwords.

       Written by Russ Allbery <rra@stanford.edu> for InterNetNews.

       $Id: ckpasswd.1,v 2000/11/06 08:41:11 rra Exp $

       readers.conf(5), nnrpd(8)

3rd Berkeley Distribution		     INN 2.3				      CKPASSWD(1)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 07:51 AM.