> Two questions...
> 1. Have you tried running checkvpw from the command line to see what it says? Maybe you'll get a bit more information.
Great suggestion. I have a tendency to overlook the obvious, like reading the man pages and testing from the command line.
I set up some environment variables:
export TCPLOCALHOST=10.200.1.2;export USER=zackynet;export HOME=/var/vmail/zackynet/
checkvpw tests okay:
[EMAIL PROTECTED] root]# printf "zackynet-jztest\0testpass\0Y123456\0" | /usr/local/bin/checkvpw echo SUCCESS maildir 3<&0; echo $?
SUCCESS ./users/jztest
0
checkvpw and pop3d test okay:
[EMAIL PROTECTED] root]# printf "zackynet-jztest\0testpass\0Y123456\0" | /usr/local/bin/checkvpw /var/qmail/bin/qmail-pop3d maildir 3<&0; echo $?
+OK
0
No luck with bincimap though (the + lines are from bincauthwrap; I have debug turned on):
[EMAIL PROTECTED] root]# printf "zackynet-jztest\0testpass\0Y123456\0" | /usr/local/bin/checkvpw /var/qmail/bin/bincauthwrap /var/qmail/bin/bincimapd maildir 3<&0; echo $?
+ export MAILDIR=./users/jztest
+ MAILDIR=./users/jztest
+ cd /var/vmail/zackynet/./users/jztest
+ exec /var/qmail/bin/bincimapd ./users/jztest
111
> 2. Is checkvpw suid root? Note that DJB's checkpassword needs to be suid root for Binc, which is fine because it takes great care to ensure the user has authenticated before executing a command. I haven't looked at checkvpw to see what it does to ensure that it cannot be used to gain arbitrary access to your system.
> Regards, Henry
Neither of them is suid root. But I'm testing them as root and tcpserver is running as root and bincimap works fine with non-virtual domains.
Thanks for the suggestions, they've pointed me in a good direction.
Cheers, Joe
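
Added example, not part of the original message: a small sh harness for the command-line test shown above. It reports whether a non-zero status came from the checkpassword-style checker (the checkpassword interface uses 1 for a rejected password and 111 for a temporary problem) or from the program the checker exec'd after authentication. `write_stub_checker` and `probe_checkpw` are hypothetical names, and the stub is a constructed stand-in for checkvpw with one hard-coded test account.

```sh
#!/bin/sh
# Added example (not from the thread). The stub checker is a constructed
# stand-in for checkvpw/checkpassword with one hard-coded test account.

# write_stub_checker PATH: create a checkpassword-style program that reads
# "login\0password\0timestamp\0" from fd 3, exits 1 on bad credentials,
# and otherwise execs the program named in its arguments.
write_stub_checker() {
  cat > "$1" <<'EOF'
#!/bin/sh
creds=$(tr '\0' '\n' <&3)
login=$(printf '%s\n' "$creds" | sed -n 1p)
pass=$(printf '%s\n' "$creds" | sed -n 2p)
[ "$login" = "zackynet-jztest" ] && [ "$pass" = "testpass" ] || exit 1
exec "$@"
EOF
  chmod 700 "$1"
}

# probe_checkpw CHECKER LOGIN PASSWORD PROG [ARGS...]
# Prints "auth:<status>" if CHECKER exited without running PROG, or
# "prog:<status>" if PROG was reached and the status is PROG's own.
probe_checkpw() (
  checker=$1 login=$2 pass=$3
  shift 3
  marker=$(mktemp) || exit 2
  status=0
  # The inner sh runs only after successful authentication; it leaves a
  # marker and then becomes PROG, so PROG's exit status passes through.
  printf '%s\0%s\0Y123456\0' "$login" "$pass" |
    "$checker" sh -c 'echo reached > "$0"; exec "$@"' "$marker" "$@" 3<&0 1>&2 ||
    status=$?
  if [ -s "$marker" ]; then stage=prog; else stage=auth; fi
  rm -f "$marker"
  echo "$stage:$status"
)
```

Against a real installation, CHECKER would be `/usr/local/bin/checkvpw` with the environment variables from the message exported first; a result of `prog:111` means authentication succeeded and the 111 was returned by the program that ran afterwards.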
