Skip to content

vsetpass.8

Jump to bottom
Manvendra Bhangui edited this page Sep 6, 2024 · 5 revisions

NAME

vsetpass - change passwords from across the network using the setpassword interface

SYNOPSIS

vsetpass [ subprogram subprogram ]

DESCRIPTION

vsetpass provides the setpassword protocol to allow users to change their passwords from remote locations.

vsetpass uses the setpassword interface for setting the password. setpassword interface provides a simple, uniform password-setting interface to all root applications. It is suitable for use by applications such as pop3d, imapd.

subprogram should be another setpassword compatible program. Typically programs like vsetpass(8) invokes vsetpass, which reads on file descriptor 3 the username, a 0 byte, the password, another 0 byte, the new password, and a final one 0 bytes. vsetpass invokes subprogram upon unsuccessful authentication, passing the same data (read earlier on descriptor 3) on a pipe with file descriptor 4 as the write end and file descriptor 3 as the read end. subprogram should read file descriptor 3 and should in turn return 0 to vsetpass on successful authentication. vsetpass will reject the authentication attempt if it receives a nonzero return value from subprogram. There can be multiple subprograms for a particular type of authentication / password update. The last subprogram should typically be /bin/false or /usr/bin/false depending on your Operating System.

vsetpass sleeps 5 seconds after an unsuccessful password change attempt. This feature is designed to make brute force attacks against passwords harder to perform.

LOGGING

Logging is done to descriptor 2. vsetpass logs all authentication and password change attempts whether they are successful or not.

EXAMPLE CLIENT-SERVER CONVERSATION

All messages passed between server and client are text based allowing a client session to be easily mimicked with tcpclient(1) or telnet(1). Using tcpclient, changing a user's password would look like this:

$ tcpclient -n /etc/indimail/certs/clientcert.pem 0 poppassd
200 indimail.org hello, who are you?\r\n
user <username>\r\n
200 Your password please.\r\n
pass <current password>
200 Your new password please.\r\n
newpass <new password>\r\n
200 Password changed, thank-you.\r\n
quit\r\n
200 Bye.\r\n
Connection closed by foreign host.

BUGS

If you've found a bug in vsetpass, please report it to mbhangui@gmail.com

SEE ALSO

qmail-smtpd(8), qmail-poppass(8),

AUTHOR vsetpass was written by Manvendra Bhangui <mbhangui@gmail.com> poppassd was written by Pawel Krawczyk based on an ealier version written by John Norstad Roy Smith and Daniel L. Leavitt

Clone this wiki locally