Man Linux: Main Page and Category List


       couirerpasswd  -  Authenticate  users  and  change  passwords using the
       Courier authentication library


       courierpasswd [-chvV] [-s SERVICE] [-C CRAMTYPE]  [--stdin]  [--stderr]

       courierpasswd -s, --service SERVICE

       courierpasswd -c, --changepwd

       courierpasswd -C, --cramtype CRAMTYPE

       courierpasswd -h, --help

       courierpasswd -V, --version

       Additional options (see below):
                   [-v, --verbose] [--stdin] [--stderr]


       courierpasswd uses courier authentication modules to authenticate users
       and to change their passwords. Using the --changepwd option will change
       a  user’s  password,  otherwise  the  user  will  be authenticated. The
       password  changing   functionality   is   not   available   for   users
       authenticated with CRAM.

       courierpasswd   uses   the   checkpassword   protocol   for   obtaining
       authentication tokens from either file descriptor 3 or from stdin  (see
       below).  checkpassword style programs are usually run by network server
       programs that wish to authenticate remote users.

       The service to use with  courierpasswd  will  depend  on  the  specific
       authentication  modules  installed.   Often ’login’ will be appropriate
       but other possibilities include ’imap’ and ’pop3’. This value  defaults
       to  ’login’. See the Courier documentation for a further explanation of
       this option.

       When authenticating users with CRAM, courierpasswds --cramtype  option
       can  be used to specify the CRAM type. Valid choices for --cramtype are
       ’md5’ and  ’sha1’.  If  not  specified,  CRAM  type  defaults  to  md5.
       Passwords  cannot  be  changed  when the --cramtype option is used with
       courierpasswd. If both  the  --changepwd  and  --cramtype  options  are
       present, the --cramtype option will be ignored.


       courierpasswd logs attempts to authenticate users and change passwords,
       successful or not, to syslog or to stderr if  the  --stderr  option  is

       courierpasswd  does  certain  checks on command line arguments so it is
       important to put --stderr first in the argument list if  it  is  to  be
       used in order for these checks to be logged properly.


       You  can  turn  on  verbose  output  using  the -v or --verbose option.
       courierpasswd starts to log all of its actions and the results of those
       actions to stderr.

       There  is  a  way  to  manually  trace  how  the  courierpasswd changes
       passwords: use the --stdin and --stderr options.   With  these  options
       courierpasswd  reads authentication tokens from stdin, and logs actions
       to  stderr.   You  can  trace  the  activity  of   courierpasswd   when
       authenticating a user with the following command:

           $ echo -e "username\0oldpassword\0" \
             | courierpasswd --stderr --stdin --verbose

       or when using CRAM:

           $ echo -e "username\0challenge\0response\0" \
             | courierpasswd --stderr --stdin --verbose --cramtype sha1

       or when changing a password with this command:

           $ echo -e "username\0oldpassword\0newpassword\0" \
             | courierpasswd --stderr --stdin --verbose --changepwd

       These commands fail if either  password begins with a number. In such a
       case, the echo command can be replaced with  either  of  the  following
       statements  when authenticating a user. Which one is chosen will depend
       on the scripting language available.

           $ python -c ’print "%s\0%s\0" % \


           $ perl -e ’printf "%s\0%s\0","username","oldpassword"’

       When changing a password, use one of these two commands:

           $ python -c ’print "%s\0%s\0%s\0" % \


           $ perl -e ’printf "%s\0%s\0%s\0","username", \


       If  you’ve  found  a  bug  in  courierpasswd,  please  report   it   to



       courierpasswd was written by Andrew St. Jean

       checkpassword interface was designed by Daniel J. Bernstein.

       Courier authentication library was written by Sam Varshavchik