diff options
Diffstat (limited to 'plugins/sasl_password/README')
-rw-r--r-- | plugins/sasl_password/README | 65 |
1 files changed, 0 insertions, 65 deletions
diff --git a/plugins/sasl_password/README b/plugins/sasl_password/README deleted file mode 100644 index 3fbc448ff..000000000 --- a/plugins/sasl_password/README +++ /dev/null @@ -1,65 +0,0 @@ -+-------------------------------------------------------------------------+ -| -| Author: Thomas Bruederli -| Source: Squirrelmail Change SASL Password Plugin by Galen Johnson -| Program: sasl_password -| Version: 1.0 -| Purpose: Change Cyrus Account Passwords -| -+-------------------------------------------------------------------------+ - - -Purpose -------- -Cyrus SASL database authentication allows your Cyrus+RoundCube -installation to host mail users without requiring a Unix Shell account! - -This plugin only covers the "sasldb" case when using Cyrus SASL. Kerberos -and PAM authentication mechanisms will require other techniques to enable -user password manipulations. - -Cyrus SASL includes a shell utility called "saslpasswd" for manipulating -user passwords in the "sasldb" database. This patch attempts to use -this utility to perform password manipulations required by your webmail -users without any administrative interaction. Unfortunately, this -scheme requires that the "saslpasswd" utility be run as the "cyrus" -user - kind of a security problem since we have chosen to SUID a small -script which will allow this to happen. - -This plugin is based on the Squirrelmail Change SASL Password Plugin. -See http://www.squirrelmail.org/plugin_view.php?id=107 for details. - - -Installation ------------- -Install just like any other plugin, just put it in the plugin directory -and activate it by adding 'sasl_password' to the list of active plugins -in config/main.inc.php - -Edit the chgsaslpasswd.c and chgsaslpasswd.sh files as is documented -within them. - -Compile the wrapper program: - gcc -o chgsaslpasswd chgsaslpasswd.c - -Chown the chgsaslpasswd and chgsaslpasswd.sh to the cyrus user and group -that your browser runs as, then chmod them to 4550. - -For example, if your cyrus user is 'cyrus' and the apache server group is -'nobody' (I've been told Redhat runs Apache as user 'apache'): - - chown cyrus:nobody chgsaslpasswd - chmod 4550 chgsaslpasswd - -Stephen Carr has suggested users should try to run the scripts on a test -account as the cyrus user eg; - - su cyrus -c "./chgsaslpasswd -p test_account" - -This will allow you to make sure that the script will work for your setup. -Should the script not work, make sure that: -1) the user the script runs as has access to the saslpasswd|saslpasswd2 - file and proper permissions -2) make sure the user in the chgsaslpasswd.c file is set correctly. - This could save you some headaches if you are the paranoid type. - |