Alternative Checkpassword Implementations
qmail-popup and qmail-pop3d are glued together by a program called checkpassword. It's run by qmail-popup, reads the username and password handed to the POP3 daemon, looks them up in /etc/passwd, verifies them, switches to the username/home directory, and runs pop3d. At least that's what the standard one does. Some alternatives are listed below.
- Mark Delany has a clever way to test your checkpassword with a bit of command line re-direction.
For example, with username fred, password bloggs, printf "%s\0%s\0%s\0" fred bloggs Y123456 | /bin/checkpassword id 3<&0 will execute /bin/id if the password is right.
If you haven't a printf then enter the data into a file with your favourite binary editor, such as emacs, and then it's simply:
/bin/checkpassword id 3<test.file
Or use perl:
perl -e 'printf "%s\0%s\0Y123456\0","fred","bloggs"' | ...
Or use qmail-popup and use the 'user' and 'pass' commands:
/var/qmail/bin/qmail-popup /bin/checkpassword id
- Jedi/Sector One has a checklocalpwd.c that checks a configuration file in addition to the users mentioned in /etc/passwd.
- Jos Backus has a mkpoppass/chkpoppass pair. It uses an alternate username/password file and is written in perl.
- Bruce Guenter has a virtual domain mail manager package called vmailmgr. It's designed to manage multiple domains of mail addresses and mailboxes on a single host. Co-operates with qmail for mail delivery and program control. Has corresponding add/deluser and change-passwd commands, and CGI scripts. Knows about shadow and MD5-encrypted passwords. Uses CDBs for the virtual domain tables. Supports IMAP via an authentication module for Courier-IMAP.
- Russell Nelson pop-subaddr patch allows multiple maildirs per POP3 user, all of them authenticated with the same password.
- Alexey Mahotkin rewrote checkpassword-pam from scratch.
- Petr Novotny wrote an alternative to Russell Nelson's Open-SMTP patch for checkpassword. His code is PAM module which calls external program to log $TCPREMOTEIP. It requires a PAM-enabled checkpassword or any POP3/IMAP system that uses PAM for authentication.
- Bruce Guenter has yet another SMTP relay control package. It uses a setuid program called from checkpassword to avoid patching checkpassword. Strictly speaking, it's not a patch, but it's here so people can find it along with the others.
- Inter7's vpopmail is a complete system for managing virtual domains that includes a checkpassword implementation. Works with backends of cdb, mysql, postgresql, ldap, and oracle. It integrates with qmailadmin, vqadmin, squirrelmail, bincimap, pureftp and the courier packages sqwebmail and courierimap.
- Dynamic delivery - no need to have dozens of .qmail files all over the place. Just a single .qmail-default handles all the deliveries
- Shadow password support - something that seemed to be lacking in the other programs
- Only takes up 1 entry in /etc/passwd - everything runs under a single UID/GID
- Decent documentation
- Delivers direct to a Maildir for use with qmail-pop3d
- Inter7 has a program for administration of virtual domains called QmailAdmin using the vchkpw program. It handles pop acccounts, aliases, forwards, autorepsonder and ezmlm mailing list.
- Inter7 has a program for system administration of virtual domains called VqAdmin.
- Justin Hopper has a quota implementation for QmailAdmin.
- Steve Simitzis has XTND XMIT mods for qmail-pop3d that also incorporate some patches found on this site.
- André Oppermann has patches to do user lookup (deliver and retrieval via qmail-pop3) using LDAP.
- Pedro Melo has a patch to checkpassword-0.81 which uses a CDB file.
- Chris Johnson wrote checkcdb, a version of checkpassword that authenticates users from a cdb database. It includes perl scripts to maintain the user database file.
- Shinya Ohira fixed a security lapse in checkpw, which gets its password from a file in the user's home directory, and allows both POP and APOP authentication.
- Magnus Bodin has a copy if that site happens to be unavailable.
- Tong has a PostgreSQL checkpassword.
- David McNicol wrote qmail-authpop which uses Sam Varshavchik's's authlib. This library is used by his sqwebmail and courier-imap applications, linked-to from elsewhere in this document.
- Matthias Andree has a patch to Dan's checkpassword that allows checkpasswd to use an arbitrary base directory for finding Maildirs.
- Jesse Sweetland has added Postgres support to his checkpassword and qmail-getpw replacements. He calls the package sql-xpw. These differ from Takeshi's code because his is a patch to qmail and this code is not.
- Ariel Kirsman has written a checkpassword which authenticates using an NT domain. It is derived from code taken from squid.
- Andrew Richards has a checkpassword for Radius, written in C. It's based around Dan's checkpassword, and uses the Radius client library from FreeBSD, as well as MD5, since that's how Radius encodes its data.
- Larry M. Smith has a vanilla checkpassword.pl.
- Piotr Swebodzinski has a checkpassword for tru64 Unix.
- Scott Gifford has notes for using checkpassword w/ Courier-IMAP.
- Andrew Richards has a checkpassword that wraps around Courier-IMAP's authentication for use by qmail-pop3d.
- Andreas Aardal Hanssen has a way to run multiple checkpasswords and authenticate against one, and if that fails, then the other. If none succeed, it returns failure.
- David Phillips has a checkpassword which authenticates via a pop3 connection. While this may seem counter-productive, you can use it for smtp-auth where the smtp server does not have direct access to the user database.
- Plácido Revilla wrote a checkpassword that authentifies against a PHPNuke users database. This allows administrators of these kind of portals to automatize the creation of pop3 accounts in their system.
- Courierpasswd allows users to to check and change their passwords using Courier authentication modules. It can optionally read authentication tokens from stdin and send logging information to syslog or stderr.
- Adam Aube's chkpass.pl authenticates using a Squid auth helper program.
- Oliver Hitz authenticates against a CDB file and works for SMTP-AUTH as well as for Courier POP and IMAP.
- Tino Reichardt has a qpasswd checkpassword.