DragonFly On-Line Manual Pages


cmd5checkpw(8)         DragonFly System Manager's Manual        cmd5checkpw(8)

NAME

cmd5checkpw - check a cram-md5 authentication

SYNOPSIS

cmd5checkpw subprogram [ args ... ]

DESCRIPTION

cmd5checkpw reads descriptor 3 through end of file and then closes descriptor 3. There must be at most 512 bytes of data before end of file.

The information supplied on descriptor 3 is a login name terminated by \0, a cram-md5 challenge terminated by \0, and a cram-md5 response terminated by \0.

cmd5checkpw hashes the challenge with keyed MD5 using passwords from /etc/poppasswd. The result is compared with the response (3rd parameter), and if they are the same, cmd5checkpw uses execvp to run subprogram with the given arguments. If they differ then it returns -1.

If challenge and response differ, cmd5checkpw exits 1. If cmd5checkpw is misused, it may instead exit 2. If there is a temporary problem checking the password, cmd5checkpw exits 111.

cmd5checkpw also tries to compare the supplied password with the password in the /etc/poppasswd file, so it can be used as a plain-text checkpassword for the PLAIN and LOGIN authtypes (but we recommend using a crypted version for security reasons). To use it, simply provide it with the clear text password as a challenge.

CHECKPASSWORD-COMPATIBLE TOOLS

cmd5checkpw tries to conform to the checkpassword interface. There are other tools that offer the same interface as checkpassword. Applications that use checkpassword are encouraged to take the checkpassword name as an argument, so that they can be used with different checkpassword-compatible tools.

Note that these tools do not follow the getopt interface. Optional features are controlled through (1) the tool name and (2) environment variables.

PROCESS-STATE CHANGES

Before invoking subprogram, cmd5checkpw does not set up anything. This is because users from /etc/poppasswd do not have to exist in the system, so setting their uid, gid, etc. is not possible.

Other checkpassword-compatible tools may make different changes to the process state. These effects must be documented; applications will differ in their requirements.

FILES

/etc/poppasswd - this file contains pairs of logins and clear text passwords separated by ":". It looks like this:

login1:password1
login2:password2

The best way to protect it is to make it readable only by one specific user, different from your normal system users, and make cmd5checkpw suid to that user.

VERSION

This documentation describes cmd5checkpw version 0.20. See http://www.elysium.pl/members/brush/cmd5checkpw/ for updates.

SEE ALSO

checkpassword(8) cmd5checkpw(8)