On Wed, Aug 27, 2008 at 9:33 AM, Tom Collins <[EMAIL PROTECTED]> wrote:
> The point is, this is of interest to vpopmail users that need a replacement
> auth module for recent versions of Courier-IMAP.
>
I appreciate the spirit. I recently wrote a patch for libnss-mysql
which already enables vpopmail users to authenticate against the
vpopmail table. But it doesn't take care of inserting entries into
the relay table and the lastauth table. The purpose of writing the
PAM module is to enable that too.

My pam module is almost ready. It would help any vpopmail user who
wants to use courier imap or any IMAP server which has a PAM module
but does not have a module for vpopmail authentication.

It uses a configurable SQL string to authenticate against the vpopmail table:
"select pw_passwd from vpopmail where pw_name='%u' and pw_domain='%D'"
After successful authentication, I am debating whether to run a
configurable command which can do stuff like "insert entry into relay
table, lastauth table" or to dlopen a function which will do this. To
me doing a dlopen() looks like a better way. So suggestions are welcome
as I have still not done the pros and cons.

I have written the function pam_sm_authenticate(), which can call
1. Any MySQL command using the MySQL API mysql_query()
2. Any command (the command should return the encrypted passwd)
3. A function called vauthenticate() by using dlopen(). The end user
   should supply a library called vauthenticate.so having a function
   vauthenticate(user, domain)

and pam_sm_chauthtok() is almost ready. pam_sm_chauthtok() will also
have the same logic as above.

Both the programs above will do setuid(id_of_vpopmail) in case the
root user runs it. This will minimize potential damage that could be
caused by any bug. The other things I am already doing to minimize
buffer overflow problems are using snprintf instead of sprintf,
strncpy instead of strcpy, etc.

My goal is to have /usr/bin/passwd change the passwd of vpopmail
users and have any IMAP/POP3 server that has a PAM module be able to
use vpopmail without writing a single line of code. I can do with some
ideas/help/suggestions from this list and will try my best to put
this module out as soon as possible.

Regards Manvendra
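
Added example (not part of the original message and not the author's module): one way the configurable SQL string with %u and %D described above could be expanded so that a crafted login name cannot change the query and a too-small buffer is treated as a failure instead of a silently truncated statement. The names expand_query() and safe_token() and the allowed character set are assumptions; with the MySQL client library available, mysql_real_escape_string() or a prepared statement would serve the same purpose.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Allow-list check (assumption: mailbox and domain names are limited to
 * letters, digits, '.', '_' and '-'); rejects quotes, backslashes, spaces. */
static int safe_token(const char *s)
{
    if (s == NULL || *s == '\0')
        return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && !strchr("._-", *s))
            return 0;
    return 1;
}

/* Expand %u (user), %D (domain) and %% from tmpl into out.
 * Returns 0 on success, -1 on unsafe input, unknown escape or truncation. */
int expand_query(const char *tmpl, const char *user, const char *domain,
                 char *out, size_t outlen)
{
    size_t used = 0;

    if (outlen == 0 || !safe_token(user) || !safe_token(domain))
        return -1;
    for (const char *p = tmpl; *p; p++) {
        char one[2] = { *p, '\0' };
        const char *piece = one;
        if (*p == '%') {
            p++;
            if (*p == 'u') piece = user;
            else if (*p == 'D') piece = domain;
            else if (*p == '%') piece = "%";
            else return -1;          /* unknown escape or trailing lone '%' */
        }
        int n = snprintf(out + used, outlen - used, "%s", piece);
        if (n < 0 || (size_t)n >= outlen - used)
            return -1;               /* would truncate: fail closed */
        used += (size_t)n;
    }
    out[used] = '\0';
    return 0;
}
```

snprintf() alone only prevents the overflow; checking its return value is what keeps a truncated query from being sent to the server.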
