User Tools
Site Tools
qmail-pwrap
qmail-pwrap is a wrapper to use multiple checkpassword compliant tools. Thus multiple different authentication backends can be used.
| Version: | qmail-pwrap-0.3 | ||
|---|---|---|---|
| Release: | 25th April 2016 | ||
| Download: | qmail-pwrap-latest.tgz | ||
| Checksum: | sha256sum |
qmail-pwrap will be discussed on the openqmail mailing list.
Install
This describes how to install qmail-pwrap as a separate package. If you did install it together with openQmail move on to the Configuration.
Extract the downloaded sources. Change into the source folder and check the files conf-qmail and conf-usrgrp . Then simply run:
make install
Thats it. If eQmail or derivatives are installed in /var/qmail there should be now /var/qmail/bin/qmail-pwrap and the config file /var/qmail/control/checkpwtools
Configuration
During the installation the config file control/checkpwtools will be created. It looks like:
# config file for qmail-pwrap # # Add one tool per line. Lines beginning with a '#' and empty lines # will be ignored. If a tool can not be `stat`'ed it will be ignored. # Thus the absolute path have to be given. # /bin/cmd5checkpw /usr/sbin/courierpasswd /var/qmail/bin/qmail-chkpw
The config file can be edited on the fly. Add the tools which are necessary. After saving it the changes are active. The empty line is just an example to show that this line will be ignored.
Beware that
- empty lines will be ignored
- lines starting with a
#will be ignored - if a tool can not be stat'ed, the line/tool will be ignored
- it have to be readable by the owner of qmail-pwrap (usually qmaild, access rights 0644)
Attention: If not at least one valid checkpassword entry was found, authentication will be denied.
To activate qmail-pwrap add it as argument to qmail-smtpd . By using ucspi-tcp/daemontools it is similar to this:
exec /usr/bin/tcpserver -p -v -R -x /etc/tcprules.d/tcp.qmail-smtp.cdb \ -c 40 -u 201 -g 200 0 smtp /var/qmail/bin/qmail-smtpd /var/qmail/qmail-pwrap /bin/true
By using xinetd set it in the related start file, e.g. /var/qmail/boot/qmail-xinetd :
/var/qmail/bin/qmail-smtpd /var/qmail/bin/qmail-pwrap 2>&1 1>&3 3>&- | /var/qmail/bin/splogger xinetd-smtpd 3>&-
The AUTH environment variable
Doing authentication is controlled by an environment variable AUTH . If it is not set, qmail-pwrap sets AUTH=1 . Thus authentication is active by default. To deactivate authentication set the environment variable explicit to AUTH=0 .
After successful authentication qmail-pwrap changes it to AUTH=<authenticated username> , otherwise it stays untouched. Thus can be used for further processing/filtering.