I believe checkpassword to be quite secure. Its author is a fanatic about security. I also spent about an hour doing a security review and believe it to be at least as secure as login.
Sorry if this is somewhat offtopic, but it has to do with checkpassword, and I thought someone here could really help me out.
First, how secure is checkpassword?
If you are talking about my revisions, I did some performance testing this morning and found that the script takes .4-.5 sec for a 10,000 line virtualusertable on a 900 MHz Pentium III with 512MB of memory. The average chaining length did not seem to affect performance. The performance seemed to degrade linearly up to a virtualusertable size of about 100,000 after which the degradation was definitely non-linear. The only way to improve performance for larger tables would be to convert virtusertable to something like (well maybe exactly like) /var/qmail/users/cdb.
Second, I posted a while ago (and it was revised for me thankfully!) a checkpassword.pl script that rewrote usernames based on sendmail's virtusertable. And it seems to work really well for me so far (I'm not sure how it's going to go when virtusertable gets bigger, but I could probably rewrite usernames off a DB at that point), translating email address to usernames so the full email address can be used for pop or imap.
BTW, I found a small bug in the original version (it does not produce the correct error message in certain situations) and recommend upgrading to the attached script.
Any good Unix programming book will tell you how to do this.
At any rate, I'd like to do the same thing with ssh (sftp really). Just for the simplicity of doing everything with one's email address. I'm a bit confused as to how checkpassword.pl would be called from C though. I believe I have found the code where sshd authenticates passwords (auth_passwd.c), so basically it looks like, instead of encrypting the password and matching against the password from /etc/shadow, I need to call checkpassword.pl here and pass it the username and password supplied by the user, it will rewrite them to the real username and tell me if they are good or not.
An alternate idea is to convert the script into a PAM module.
Another alternate would be to make a new perl script called virtconvert that looks something like:
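#! /usr/bin/perl
# virtconvert: print the real user name for one virtual user (e-mail address)
die "Usage: virtconvert <virt-user>" unless @ARGV == 1;
# mapuser() is not defined in this file; copy it in from checkpassword.pl
print mapuser(shift);
# exit 0 on success so the calling process sees a zero exit status
exit 0;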
where mapuser is the one found in checkpasswd.pl. Then use popen to run "virtconvert <virt-user>" and read the real user from the pipe and let sshd do the authentication using the real user's id. This has the advantage that the authentication responsibility remains with sshd.
Henry:-)
This sound about right?
Oh, one more thing... anyone ever had problems while pop'ing mail and checking IMAP at the same time? Where pop occasionally returns errors? Not login errors, just "internal server" errors?
Any help or criticisms would be greatly appreciated.
Thank you! Ben
-- Henry Baragar Principal, Technical Architecture 416-453-5626 Instantiated Software Inc. http://www.instantiated.ca
checkpassword.pl
Description: Perl program
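One way to do the virtconvert lookup from C, as an added example that is not code from this message or from sshd: it uses fork/execl rather than popen, because popen passes its command line to /bin/sh and the virtual user name arrives from a client that has not authenticated yet. The function names and the helper-path parameter are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example; map_virtual_user and virt_name_ok are hypothetical names. */
/* Accept only a conservative address shape; a leading '-' would be parsed
 * by the helper as an option, and control bytes have no place in a login. */
static int virt_name_ok(const char *s)
{
    if (*s == '\0' || *s == '-' || strlen(s) > 255)
        return 0;
    for (; *s; s++)
        if (iscntrl((unsigned char)*s))
            return 0;
    return 1;
}

/* Run `helper virt` with no shell in between and copy its first output line
 * into out. Returns 0 on success, -1 on any failure (caller must deny). */
int map_virtual_user(const char *helper, const char *virt, char *out, size_t outlen)
{
    int fds[2], status;
    ssize_t n;
    size_t used = 0;
    pid_t pid;

    if (outlen < 2 || !virt_name_ok(virt) || pipe(fds) < 0)
        return -1;
    if ((pid = fork()) < 0) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {                      /* child: stdout -> pipe, then exec */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execl(helper, helper, virt, (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    close(fds[1]);
    while (used < outlen - 1 && (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    close(fds[0]);
    out[used] = '\0';
    out[strcspn(out, "\r\n")] = '\0';    /* keep the first line only */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return out[0] != '\0' ? 0 : -1;
}
```

The helper must exit 0 on success for this to accept its output, and any -1 return should be treated as an authentication failure rather than falling back to the name the client supplied.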
