DragonFly On-Line Manual Pages
CHECKVPW(1) VMailMgr Tools Documentation CHECKVPW(1)
NAME
checkvpw - check passwords for virtual and non-virtual users
SYNOPSIS
checkvpw subprogram [arguments...]
DESCRIPTION
This program is a drop-in replacement for the standard checkpassword,
written by D. J. Bernstein (djb@pobox.com). In the absence of virtual
hosting (determined by the use of /var/qmail/control/virtualdomainss
and IP aliases), it behaves identically to checkpassword. When virtual
hosting is used, it permits logins from a unique set of users for each
of the aliases.
checkvpw must be run from either the tcp-env program (part of the qmail
package) or from a suitable substitute, such as tcpserver (part of the
ucspi-tcp package). These packages are used to determine to which
address a remote host is connecting. checkvpw must also be passed the
checkpassword-compatible authentication data on file descriptor three.
This can be accomplished by running it from a tool such as qmail-popup.
checkvpw accepts a command line in the following format:
checkvpw [subprogram] [arguments...]
If the authentication information is valid, the subprogram is run,
otherwise checkvpw returns an error to the program that invokes it.
If the user name contains the character "@", the host name reported by
tcp-env is replaced by the string following the "@", and the user name
is replaced by the string preceding the "@". If the local host name
reported by tcp-env matches one of those in
/var/qmail/control/virtualdomains, checkvpw prepends the prepend string
associated with the host name to the given user name. Wildcards in
virtualdomains are permitted and are handled in the same way qmail
handles them (see qmail-send). For example, if the line ".bar.com:bar"
appears in the virtual hosts file, it matches "one.two.bar.com" but not
"bar.com".
If the user name resulting from the above step appears in the system
password file (typically /etc/passwd), the user is treated as a local
user and authenticated with the information from that file. If this
authentication succeeds, the mail directory is set to the subdirectory
named on the command line. If the user name does not appear in the
system password file and is of the form "name-ext" where "name" does
appear in the password file, the user is treated as a "virtual" user
and authenticated with the information from a file named passwd in the
user's home directory. If this authentication succeeds, the mail
directory is set to the subdirectory users/ext/ in the user's home
directory, where "ext" is from the above step.
checkvpw also does some rewriting on the arguments of the subprogram.
Any argument matching the string ""maildir"" (ignoring case) is
replaced with the full path of the mail directory, as determined by the
steps above.
This program may be invoked in combination with qmail-popup and
qmail-pop3d from inetd by placing the following line in the
/etc/inetd.conf configuration file (all one line):
pop-3 stream tcp nowait root /var/qmail/bin/tcp-env tcp-env -R /var/qmail/bin/qmail-popup <hostname> /usr/bin/checkvpw /var/qmail/bin/qmail-pop3d Maildir/
RETURN VALUE
0 if the user is successfully authenticated, nonzero if any error
occurred. Exit code 1 indicates that a bad password was given, 2
indicates that the program was used incorrectly, and 111 indicates a
temporary failure.
ENVIRONMENT
checkvpw requires that "TCPLOCALHOST" be set to the host name of the
local address of the connection.
SEE ALSO
vdeliver(1)
AUTHOR
Bruce Guenter <bruceg@em.ca>.
vmailmgr 0.97 2016-02-18 CHECKVPW(1)