User Tools
Site Tools
qmail-chkpw
Discontinued! The courier-authlib provides a much better and more flexible interface!
qmail-chkpw is a checkpassword compliant tool to do SMTP authentication against its own password file. It can do AUTH PLAIN, AUTH LOGIN and AUTH CRAM-MD5.
| Version: | qmail-chkpw-0.4 | ||
|---|---|---|---|
| Released: | 26th April 2016 | ||
| Download: | qmail-chkpw-latest | ||
| Checksum: | sha256sum |
qmail-chkpw will be discussed on the openqmail mailing list.
Install
This describes how to install qmail-chkpw as a separate package. If you did install it together with openQmail move on to the Configuration.
Download the sources and extract it. Change into the source folder and check the files conf-qmail and conf-man . Then simply run:
make install
Thats it. If eQmail or derivatives are installed in /var/qmail there should be now /var/qmail/bin/qmail-chkpw and the password file /var/qmail/users/smtpauth . By default both files are owned by qmaild.qmail and qmail-chkpw is executable by this owner.
Configuration
During the installation an empty password file users/smtpauth will be created if it doesn't exists. It looks like:
# This file is used by qmail-chkpw # # Format of this file is one user:pass per line (without empty lines) # Like so... # j0edogger:sm311yf33t # j1mdogger:$6$ZkiGKjCK$VDvQqJ04j8DwZIoK.C0lbj/QRgpjsM8En4P4x8mTPgYWfnR0CVOrCE7XOvqPeEmXe38LSk/wloZa0Y407L5Ve/
Important! Lines beginning with # are comments and will be ignored. Empty lines are not allowed. A line MUST NOT start with a white space.
Add qmail-chkpw as an argument to qmail-smtpd or use it with qmail-pwrap (recommended).
Usage
The standard behavior of qmail-chkpw is to check passwords. Additional it supports two options to encrypt passwords. The encrypted password will be printed to stderr .
-e prompt for password input on the command line and encrypt it.
-r read a password from stdin and encrypt it.
Use qmail-chkpw -e to manual encrypt a password on the command line:
$ qmail-chkpw -e $ New password: <put "testpass" here and hit enter> $ Repeat password: <repeat "testpass" and hit enter> $ $6$QkB7Kb3G$pyYT/beGjy1u9BFGX70Py3qZnVfuGWB5zE9C4FKrus9atP.jZzj9meyA1xh1jsBJnES0P/TcapPKu/16/8CxS.
To automate the encryption of passwords there can be done something like this:
$ qmail-chkpw -e 2>tmpfile
The encrypted password will be written to tmpfile and can be used for further processing. Or in case the password was inserted and checked by an external tool:
$ echo -n "password" | qmail-chkpw -r 2>tmpfile
This could be an example only. There multiple ways to handle the pipe. It is the users responsibility to complete such automation.
Adding the user “foo” for AUTH LOGIN and the user “bar” for AUTH CRAM-MD5 the file smtpauth will have the following entries:
# This file is used by qmail-chkpw # # Format of this file is one user:pass per line (without empty lines) # foo:$6$ZkiGKjCK$VDvQqJ04j8DwZIoK.C0lbj/QRgpjsM8En4P4x8mTPgYWfnR0CVOrCE7XOvqPeEmXe38LSk/wloZa0Y407L5Ve/ bar:pass
Important! The first matching username will be used. Thus a username can have either an encrypted password or not.
Links
- Initial Blog Article (includes some examples for tests)