Sorry if this is somewhat offtopic, but it has to do with checkpassword, and I thought someone here could really help me out.
First, how secure is checkpassword? Second, I posted a while ago (and it was revised for me thankfully!) a checkpassword.pl script that rewrote usernames based on sendmail's virtusertable. And it seems to work really well for me so far (I'm not sure how it's going to go when virtusertable gets bigger, but I could probably rewrite usernames off a DB at that point), translating email address to usernames so the full email address can be used for pop or imap. At any rate, I'd like to do the same thing with ssh (sftp really). Just for the simplicity of doing everything with one's email address. I'm a bit confused as to how checkpassword.pl would be called from C though. I believe I have found the code where sshd authenticates passwords (auth_passwd.c), so basically it looks like, instead of encrypting the password and matching against the password from /etc/shadow, I need to call checkpassword.pl here and pass it the username and password supplied by the user, it will rewrite them to the real username and tell me if they are good or not. This sound about right? Oh, one more thing... anyone ever had problems while pop'ing mail and checking IMAP at the same time? Where pop occasionally returns errors? Not login errors, just "internal server" errors? Any help or criticisms would be greatly appreciated. Thank you! Ben
