Man Linux: Main Page and Category List

NAME

       courierpassd  -  change  passwords  from  across  the network using the
       Courier authentication library

SYNOPSIS

       courierpassd [-hV] [-s SERVICE] [--stderr]

       courierpassd -s, --service SERVICE

       courierpassd --stderr

       courierpassd -h, --help

       courierpassd -V, --version

DESCRIPTION

       courierpassd  allows  users  to  change  their  passwords  from  remote
       locations using the Courier authentication library. Usernames can be up
       to 64 characters long while passwords can be up to 128 characters long.

       courierpassd  uses  the  poppassd protocol for obtaining authentication
       tokens from the network. courierpassd is intended  to  be  run  from  a
       super-server such as tcpserver or xinetd.

       The  service  specified  by the -s switch will depend on the particular
       authentication modules installed. Often ’login’ will be appropriate but
       other  possibilities  include ’imap’ and ’pop3’. This value defaults to
       ’login’. See the Courier documentation for  a  further  explanation  of
       this switch.

       The minimum uid that courierpassd will attempt to change a password for
       can be set at compile time using the  configure  option  --with-minuid.
       courierpassd  will refuse to change the password of a user whose uid is
       below this value. The default value is 100. This value should never  be
       set  to  0  as  this  would  allow root’s password to be changed from a
       remote location.

       A second configure option, --with-badpassdelay, can be used to set  the
       delay  in  seconds  that  courierpassd  sleeps  after  an  unsuccessful
       password change attempt. This feature is designed to make  brute  force
       attacks against passwords harder to perform. The default value is 3.

LOGGING

       Logging  is  done  to  syslog  by  default or to stderr if the --stderr
       switch is used.  courierpassd logs all password change attempts whether
       they are successful or not.

       courierpassd  does  certain  checks  on command line arguments so it is
       important to put --stderr first in the argument list if  it  is  to  be
       used in order for these checks to be logged properly.

EXAMPLE CLIENT-SERVER CONVERSATION

       All messages passed between server and client are text based allowing a
       client session  to  be  easily  mimicked  with  telnet.  Using  telnet,
       changing a user’s password would look like this:

            Connected to localhost.localdomain (127.0.0.1).
            Escape character is ’^]’.
            200 courierpassd 1.1.2 hello, who are you?\r\n
            user <username>\r\n
            200 Your password please.\r\n
            pass <current password>
            200 Your new password please.\r\n
            newpass <new password>\r\n
            200 Password changed, thank-you.\r\n
            quit\r\n
            200 Bye.\r\n
            Connection closed by foreign host.

BUGS

       If   you’ve   found   a  bug  in  courierpassd,  please  report  it  to
       freeware@arda.homeunix.net

SEE ALSO

       http://www.courier-mta.org/authlib/

       http://echelon.pl/pubs/poppassd.html

AUTHOR

       courierpassd was written by Andrew St. Jean

       Courier authentication library was written by Sam Varshavchik

       poppassd was written by Pawel  Krawczyk  based  on  an  ealier  version
       written by John Norstad, Roy Smith and Daniel L. Leavitt