Diffstat (limited to 'plugins/password/README')
-rw-r--r-- plugins/password/README 200
1 files changed, 0 insertions, 200 deletions
diff --git a/plugins/password/README b/plugins/password/README
deleted file mode 100644
index c7e8203ad..000000000
--- a/plugins/password/README
+++ /dev/null
@@ -1,200 +0,0 @@
- -----------------------------------------------------------------------
- Password Plugin for Roundcube
- -----------------------------------------------------------------------
-
- Plugin that adds a possibility to change user password using many
- methods (drivers) via Settings/Password tab.
-
- -----------------------------------------------------------------------
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License version 2
- as published by the Free Software Foundation.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along
- with this program; if not, write to the Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
- @version 1.2
- @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl>
- @author <see driver files for driver authors>
- -----------------------------------------------------------------------
-
- 1. Configuration
- 2. Drivers
- 2.1. Database (sql)
- 2.2. Cyrus/SASL (sasl)
- 2.3. Poppassd/Courierpassd (poppassd)
- 2.4. LDAP (ldap)
- 2.5. DirectAdmin Control Panel
- 2.6. cPanel
- 2.7. XIMSS (Communigate)
- 3. Driver API
-
-
- 1. Configuration
- ----------------
-
- Copy config.inc.php.dist to config.inc.php and set the options as described
- within the file.
-
-
- 2. Drivers
- ----------
-
- Password plugin supports many password change mechanisms which are
- handled by included drivers. Just pass driver name in 'password_driver' option.
-
-
- 2.1. Database (sql)
- -------------------
-
- You can specify which database to connect by 'password_db_dsn' option and
- what SQL query to execute by 'password_query'. See main.inc.php file for
- more info.
-
- Example implementations of an update_passwd function:
-
- - This is for use with LMS (http://lms.org.pl) database and postgres:
-
- CREATE OR REPLACE FUNCTION update_passwd(hash text, account text) RETURNS integer AS $$
- DECLARE
- res integer;
- BEGIN
- UPDATE passwd SET password = hash
- WHERE login = split_part(account, '@', 1)
- AND domainid = (SELECT id FROM domains WHERE name = split_part(account, '@', 2))
- RETURNING id INTO res;
- RETURN res;
- END;
- $$ LANGUAGE plpgsql SECURITY DEFINER;
-
- - This is for use with a SELECT update_passwd(%o,%c,%u) query
- Updates the password only when the old password matches the MD5 password
- in the database
-
- CREATE FUNCTION update_password (oldpass text, cryptpass text, user text) RETURNS text
- MODIFIES SQL DATA
- BEGIN
- DECLARE currentsalt varchar(20);
- DECLARE error text;
- SET error = 'incorrect current password';
- SELECT substring_index(substr(user.password,4),_latin1'$',1) INTO currentsalt FROM users WHERE username=user;
- SELECT '' INTO error FROM users WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
- UPDATE users SET password=cryptpass WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
- RETURN error;
- END
-
- Example SQL UPDATEs:
-
- - Plain text passwords:
- UPDATE users SET password=%p WHERE username=%u AND password=%o AND domain=%h LIMIT 1
-
- - Crypt text passwords:
- UPDATE users SET password=%c WHERE username=%u LIMIT 1
-
- - Use a MYSQL crypt function (*nix only) with random 8 character salt
- UPDATE users SET password=ENCRYPT(%p,concat(_utf8'$1$',right(md5(rand()),8),_utf8'$')) WHERE username=%u LIMIT 1
-
- - MD5 stored passwords:
- UPDATE users SET password=MD5(%p) WHERE username=%u AND password=MD5(%o) LIMIT 1
-
-
- 2.2. Cyrus/SASL (sasl)
- ----------------------
-
- Cyrus SASL database authentication allows your Cyrus+RoundCube
- installation to host mail users without requiring a Unix Shell account!
-
- This driver only covers the "sasldb" case when using Cyrus SASL. Kerberos
- and PAM authentication mechanisms will require other techniques to enable
- user password manipulations.
-
- Cyrus SASL includes a shell utility called "saslpasswd" for manipulating
- user passwords in the "sasldb" database. This plugin attempts to use
- this utility to perform password manipulations required by your webmail
- users without any administrative interaction. Unfortunately, this
- scheme requires that the "saslpasswd" utility be run as the "cyrus"
- user - kind of a security problem since we have chosen to SUID a small
- script which will allow this to happen.
-
- This driver is based on the Squirrelmail Change SASL Password Plugin.
- See http://www.squirrelmail.org/plugin_view.php?id=107 for details.
-
- Installation:
-
- Change into the drivers directory. Edit the chgsaslpasswd.c file as is
- documented within it.
-
- Compile the wrapper program:
- gcc -o chgsaslpasswd chgsaslpasswd.c
-
- Chown the compiled chgsaslpasswd binary to the cyrus user and group
- that your browser runs as, then chmod them to 4550.
-
- For example, if your cyrus user is 'cyrus' and the apache server group is
- 'nobody' (I've been told Redhat runs Apache as user 'apache'):
-
- chown cyrus:nobody chgsaslpasswd
- chmod 4550 chgsaslpasswd
-
- Stephen Carr has suggested users should try to run the scripts on a test
- account as the cyrus user eg;
-
- su cyrus -c "./chgsaslpasswd -p test_account"
-
- This will allow you to make sure that the script will work for your setup.
- Should the script not work, make sure that:
- 1) the user the script runs as has access to the saslpasswd|saslpasswd2
- file and proper permissions
- 2) make sure the user in the chgsaslpasswd.c file is set correctly.
- This could save you some headaches if you are the paranoid type.
-
-
- 2.3. Poppassd/Courierpassd (poppassd)
- -------------------------------------
-
- You can specify which host to connect to via 'password_pop_host' and
- what port via 'password_pop_port'. See config.inc.php file for more info.
-
-
- 2.4. LDAP (ldap)
- ----------------
-
- See config.inc.php file. Requires PEAR::Net_LDAP2 package.
-
-
- 2.5. DirectAdmin Control Panel
- -------------------------------------
-
- You can specify which host to connect to via 'password_directadmin_host'
- and what port via 'password_direactadmin_port'. See config.inc.php file
- for more info.
-
-
- 2.6. cPanel
- -----------
-
- You can specify parameters for HTTP connection to cPanel's admin
- interface. See config.inc.php file for more info.
-
-
- 2.7. XIMSS (Communigate)
- -------------------------------------
-
- You can specify which host and port to connect to via 'password_ximss_host'
- and 'password_ximss_port'. See config.inc.php file for more info.
-
-
- 3. Driver API
- -------------
-
- Driver file (<driver_name>.php) must define 'password_save' function with
- two arguments. First - current password, second - new password. Function
- may return PASSWORD_SUCCESS on success or any of PASSWORD_CONNECT_ERROR,
- PASSWORD_CRYPT_ERROR, PASSWORD_ERROR when driver was unable to change password.
- See existing drivers in drivers/ directory for examples.
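
Review bot: The removal takes with it the only install steps for the setuid chgsaslpasswd wrapper in section 2.2 ('chown cyrus:nobody chgsaslpasswd', 'chmod 4550 chgsaslpasswd') and the password_save return-code contract in section 3, and this path-limited view shows 0 insertions, so please confirm the text is carried into a replacement file in the same change rather than dropped. If it is being moved, a few things in the deleted text are worth correcting on the way. Section 2.5 names 'password_direactadmin_port', which does not match 'password_directadmin_host' on the line above it. Section 2.1 points to main.inc.php while every other section points to config.inc.php. The second SQL example is introduced as 'SELECT update_passwd(%o,%c,%u)' but the function it defines is update_password. The installation text in 2.2 says to chown to the group "that your browser runs as", where the example that follows uses the web server's group. The plain-text and unsalted 'MD5(%p)' UPDATE examples in 2.1 should be dropped or marked as legacy in whatever replaces this file, since they document storing passwords in forms that are trivially recoverable from a database dump.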