Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
COURIERPASSD(8)			Authentication		       COURIERPASSD(8)

NAME
       courierpassd  -	change	passwords  from	 across	 the network using the
       Courier authentication library

SYNOPSIS
       courierpassd [-hV] [-s SERVICE] [--stderr]

       courierpassd -s,	--service SERVICE

       courierpassd --stderr

       courierpassd -h,	--help

       courierpassd -V,	--version

DESCRIPTION
       courierpassd allows users to change their passwords from	 remote	 loca-
       tions  using the	Courier	authentication library.	Usernames can be up to
       64 characters long while	passwords can be up to 128 characters long.

       courierpassd uses the poppassd protocol	for  obtaining	authentication
       tokens  from the	network. courierpassd is intended to be	run from a su-
       per-server such as tcpserver or xinetd.

       The service specified by	the -s switch will depend  on  the  particular
       authentication modules installed. Often 'login' will be appropriate but
       other possibilities include 'imap' and 'pop3'. This value  defaults  to
       'login'.	 See  the  Courier  documentation for a	further	explanation of
       this switch.

       The minimum uid that courierpassd will attempt to change	a password for
       can  be	set  at	compile	time using the configure option	--with-minuid.
       courierpassd will refuse	to change the password of a user whose uid  is
       below  this value. The default value is 100. This value should never be
       set to 0	as this	would allow root's password to be changed from	a  re-
       mote location.

       A  second configure option, --with-badpassdelay,	can be used to set the
       delay in	seconds	that courierpassd sleeps after an  unsuccessful	 pass-
       word  change  attempt. This feature is designed to make brute force at-
       tacks against passwords harder to perform. The default value is 3.

LOGGING
       Logging is done to syslog by default  or	 to  stderr  if	 the  --stderr
       switch is used.	courierpassd logs all password change attempts whether
       they are	successful or not.

       courierpassd does certain checks	on command line	arguments so it	is im-
       portant	to put --stderr	first in the argument list if it is to be used
       in order	for these checks to be logged properly.

EXAMPLE	CLIENT-SERVER CONVERSATION
       All messages passed between server and client are text based allowing a
       client  session to be easily mimicked with telnet. Using	telnet,	chang-
       ing a user's password would look	like this:

	    Connected to localhost.localdomain (127.0.0.1).
	    Escape character is	'^]'.
	    200	courierpassd 1.1.2 hello, who are you?\r\n
	    user <username>\r\n
	    200	Your password please.\r\n
	    pass <current password>
	    200	Your new password please.\r\n
	    newpass <new password>\r\n
	    200	Password changed, thank-you.\r\n
	    quit\r\n
	    200	Bye.\r\n
	    Connection closed by foreign host.

BUGS
       If you've found a bug  in  courierpassd,	 please	 report	 it  to	 free-
       ware@arda.homeunix.net

SEE ALSO
       http://www.courier-mta.org/authlib/

       http://echelon.pl/pubs/poppassd.html

AUTHOR
       courierpassd was	written	by Andrew St. Jean

       Courier authentication library was written by Sam Varshavchik

       poppassd	was written by Pawel Krawczyk based on an ealier version writ-
       ten by John Norstad, Roy	Smith and Daniel L. Leavitt

GNU/Linux			  20 Jan 2005		       COURIERPASSD(8)

NAME | SYNOPSIS | DESCRIPTION | LOGGING | EXAMPLE CLIENT-SERVER CONVERSATION | BUGS | SEE ALSO | AUTHOR

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=courierpassd&sektion=8&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help