cmd5apoppw / cmd5apoppw.8
@yuuji yuuji on 22 Sep 2006 2 KB Initial revision
.TH cmd5apoppw 8
.SH NAME
cmd5apoppw \- check a cram-md5 authentication
.SH SYNOPSIS
.B cmd5apoppw
.I subprogram
[
.I args ...
]
.SH DESCRIPTION
.B cmd5apoppw
reads descriptor 3 through end of file
and then closes descriptor 3.
There must be at most 512 bytes of data before end of file.

The information supplied on descriptor 3
is a login name terminated by \e0,
a cram-md5 challenge terminated by \e0,
and a cram-md5 response terminated by \e0.

.B cmd5apoppw
computes the keyed MD5 of the challenge using the password from
.BR ~/.apop .
The result is compared with the response (the third field), and if they are the same
then
.B cmd5apoppw
uses
.B execvp
to run
.B subprogram
with the given arguments.
If they differ then it returns -1.

If challenge and response differ,
.B cmd5apoppw
exits 1.
If
.B cmd5apoppw
is misused,
it may instead exit 2.
If there is a temporary problem checking the password,
.B cmd5apoppw
exits 111.
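
The descriptor-3 format and exit statuses described above, as an added Python example that is not part of cmd5apoppw or its distribution. It assumes the response is the hexadecimal HMAC-MD5 digest defined by RFC 2195 and that malformed input counts as misuse (exit 2); lookup_password and sample_lookup are hypothetical stand-ins for reading ~/.apop through deapop, and the sample values are the RFC 2195 example.

```python
import hashlib
import hmac

MAX_INPUT = 512  # man page: at most 512 bytes before end of file

# Constructed sample (RFC 2195 example values), laid out as on descriptor 3.
SAMPLE = (b"tim\0<1896.697170952@postoffice.reston.mci.net>\0"
          b"b913a602c7eda7a495b4e6e7334d3890\0")

def parse_fd3(data):
    """Split descriptor-3 data into (login, challenge, response)."""
    if len(data) > MAX_INPUT:
        raise ValueError("more than 512 bytes on descriptor 3")
    fields = data.split(b"\0")
    # Three \0-terminated fields leave one empty element after the last \0.
    if len(fields) < 4 or not fields[0]:
        raise ValueError("need login, challenge and response, each ending in \\0")
    return fields[0], fields[1], fields[2]

def keyed_md5_hex(password, challenge):
    """HMAC-MD5 of the challenge keyed with the password, as lowercase hex."""
    return hmac.new(password, challenge, hashlib.md5).hexdigest().encode()

def check(data, lookup_password):
    """Return the documented exit status; 0 means the subprogram would be run."""
    try:
        login, challenge, response = parse_fd3(data)
    except ValueError:
        return 2          # misuse: malformed or oversized input (assumed mapping)
    try:
        password = lookup_password(login)  # hypothetical: ~/.apop via deapop
    except OSError:
        return 111        # temporary problem checking the password
    if password is None:
        return 1          # no password on file: treat as a failed check
    expected = keyed_md5_hex(password, challenge)
    # Constant-time comparison, so timing does not reveal how many digits matched.
    return 0 if hmac.compare_digest(expected, response.lower()) else 1

def sample_lookup(login):
    """Constructed password table used only for this example."""
    return {b"tim": b"tanstaaftanstaaf"}.get(login)

if __name__ == "__main__":
    print(check(SAMPLE, sample_lookup))
```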

.B cmd5apoppw
supports neither the PLAIN nor the LOGIN authentication type.

.SH "CHECKPASSWORD-COMPATIBLE TOOLS"
.B cmd5apoppw  
tries to conform to the
.B checkpassword 
interface.
There are other tools that offer the same interface as
.BR checkpassword .
Applications that use
.B checkpassword
are encouraged to take the
.B checkpassword
name as an argument,
so that they can be used with different
.BR checkpassword -compatible
tools.

Note that these tools do not follow the
.B getopt
interface.
Optional features are controlled through
(1) the tool name and
(2) environment variables.
.SH "FILES"
~/.apop \- this file contains the user's APOP and SMTP-AUTH password in
an encoded format.  The text is extracted by the
.B deapop
command, whose default location is /usr/local/sbin.
Note that the text in ~/.apop is NOT encrypted.  It is stored in
encoded form only so that it is not exposed by a user's
mistake or by filesystem trouble.

The user has to make it unreadable by others.

.SH "EXTENDED MAIL ACCOUNT"
In the qmail world, extra mail addresses can be used by creating ~/.qmail-suffix.
Many mail accounts can also be created in a virtual domain, with or without
creating a real user in /etc/passwd.
.B cmd5apoppw
uses the appropriate password file instead of the default ~/.apop when
the mail account is controlled by another dot-qmail file.  The file
name is chosen in the same manner as for dot-qmail.

If you are using
.BR foo@vdom.example.co.jp ,
which is controlled by
.BR /some/dir/.qmail-foo ,
just put its password in
.BR /some/dir/.apop-foo .
In this case, the SMTP-AUTH user name for the mail user agent should be
.BR foo@vdom.example.co.jp .
.SH "VERSION"
This documentation describes
.B cmd5apoppw
version 1.
See
.B http://www.gentei.org/software/qmapop-smtp-auth/
for updates.
.SH "SEE ALSO"
checkpassword(8)