Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
COURIERPASSWD(8)		Authentication		      COURIERPASSWD(8)

       couirerpasswd  -	 Authenticate  users  and  change  passwords using the
       Courier authentication library

       courierpasswd [-chvV] [-s SERVICE] [-C CRAMTYPE]	 [--stdin]  [--stderr]

       courierpasswd -s, --service SERVICE

       courierpasswd -c, --changepwd

       courierpasswd -C, --cramtype CRAMTYPE

       courierpasswd -h, --help

       courierpasswd -V, --version

       Additional options (see below):
		   [-v,	--verbose] [--stdin] [--stderr]

       courierpasswd uses courier authentication modules to authenticate users
       and to change their passwords. Using the	--changepwd option will	change
       a  user's password, otherwise the user will be authenticated. The pass-
       word changing functionality is not available  for  users	 authenticated
       with CRAM.

       courierpasswd uses the checkpassword protocol for obtaining authentica-
       tion tokens from	either file descriptor 3 or from  stdin	 (see  below).
       checkpassword style programs are	usually	run by network server programs
       that wish to authenticate remote	users.

       The service to use with courierpasswd will depend on the	 specific  au-
       thentication  modules installed.	 Often 'login' will be appropriate but
       other possibilities include 'imap' and 'pop3'. This value  defaults  to
       'login'.	 See  the  Courier  documentation for a	further	explanation of
       this option.

       When authenticating users with CRAM, courierpasswd's --cramtype	option
       can  be used to specify the CRAM	type. Valid choices for	--cramtype are
       'md5', 'sha1' and 'sha256'. If not specified,  CRAM  type  defaults  to
       md5.  Passwords	cannot	be  changed when the --cramtype	option is used
       with courierpasswd. If both the --changepwd and --cramtype options  are
       present,	the --cramtype option will be ignored.

       courierpasswd logs attempts to authenticate users and change passwords,
       successful or not, to syslog or to stderr if  the  --stderr  option  is

       courierpasswd  does  certain  checks on command line arguments so it is
       important to put	--stderr first in the argument list if	it  is	to  be
       used in order for these checks to be logged properly.

       You  can	 turn  on  verbose  output  using  the -v or --verbose option.
       courierpasswd starts to log all of its actions and the results of those
       actions to stderr.

       There  is  a  way to manually trace how the courierpasswd changes pass-
       words: use the --stdin and --stderr options.  With these	options	couri-
       erpasswd	 reads	authentication	tokens from stdin, and logs actions to
       stderr.	You can	trace the activity of courierpasswd when  authenticat-
       ing a user with the following command:

	   $ echo -e "username\0oldpassword\0" \
	     | courierpasswd --stderr --stdin --verbose

       or when using CRAM:

	   $ echo -e "username\0challenge\0response\0" \
	     | courierpasswd --stderr --stdin --verbose	--cramtype sha1

       or when changing	a password with	this command:

	   $ echo -e "username\0oldpassword\0newpassword\0" \
	     | courierpasswd --stderr --stdin --verbose	--changepwd

       These commands fail if either  password begins with a number. In	such a
       case, the echo command can be replaced with  either  of	the  following
       statements  when	authenticating a user. Which one is chosen will	depend
       on the scripting	language available.

	   $ python -c 'print "%s\0%s\0" % \


	   $ perl -e 'printf "%s\0%s\0","username","oldpassword"'

       When changing a password, use one of these two commands:

	   $ python -c 'print "%s\0%s\0%s\0" % \


	   $ perl -e 'printf "%s\0%s\0%s\0","username",	\

       If you've found a bug in	 courierpasswd,	 please	 report	 it  to	 free-


       courierpasswd was written by Andrew St. Jean

       checkpassword interface was designed by Daniel J. Bernstein.

       Courier authentication library was written by Sam Varshavchik

GNU/Linux			  20 Jan 2005		      COURIERPASSWD(8)


Want to link to this manual page? Use this URL:

home | help