| View previous topic :: View next topic |
| Author |
Message |
kpoman
Apprentice
Joined: 15 May 2003
Posts: 209
Location: Buenos Aires, Argentina
|
 Posted: Mon Dec 15, 2003 11:07 pm Post subject: poppassd issues |
 |
|
hello
i am setting up my squirrelmail webmail stuff, and then i add change_pass plugin, which needs poppassd to e able to change some user password as requested.
so i seen i need to install poppassd;
i did it, then added it to my xinetd.conf as you may see:
| Code: |
pana root # cat /etc/services | grep 106
#3com-tsmux 106/tcp poppassd
#3com-tsmux 106/udp poppassd
#> Ports are used in the TCP [45,106] to name the ends of logical
poppassd 106/tcp # Eudora
poppassd 106/udp # Eudora
pana root #
pana root # ll /etc/xinetd.d/
total 68
drwxr-xr-x 2 root root 4096 Dec 15 23:50 .
drwxr-xr-x 75 root root 4096 Dec 15 23:49 ..
-rw-r--r-- 1 root root 643 Dec 15 23:47 README.services
-rw-r--r-- 1 root root 246 Dec 15 23:47 chargen-tcp
-rw-r--r-- 1 root root 266 Dec 15 23:47 chargen-udp
-rw-r--r-- 1 root root 366 Nov 28 01:43 cups-lpd
-rw-r--r-- 1 root root 300 Dec 9 20:42 cvspserver
-rw-r--r-- 1 root root 246 Dec 15 23:47 daytime-tcp
-rw-r--r-- 1 root root 272 Dec 15 23:47 daytime-udp
-rw-r--r-- 1 root root 238 Dec 15 23:47 echo-tcp
-rw-r--r-- 1 root root 263 Dec 15 23:47 echo-udp
-r-x------ 1 root bin 168 Dec 15 23:50 poppassd
-rw-r--r-- 1 root root 238 Nov 6 17:02 pure-ftpd
-rw-r--r-- 1 root root 525 Nov 17 14:45 swat
-rw-r--r-- 1 root root 205 Aug 26 23:26 telnetd
-rw-r--r-- 1 root root 270 Dec 15 23:47 time-tcp
-rw-r--r-- 1 root root 272 Dec 15 23:47 time-udp
pana root #
pana root # cat /etc/xinetd.d/poppassd
service poppassd
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/bin/poppassd
disable = no
}
pana root #
pana root # nmap localhost
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2003-12-16 00:02 CET
Interesting ports on localhost (127.0.0.1):
(The 1640 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
106/tcp open pop3pw
111/tcp open rpcbind
139/tcp open netbios-ssn
143/tcp open imap
445/tcp open microsoft-ds
611/tcp open npmp-gui
618/tcp open unknown
953/tcp open rndc
3128/tcp open squid-http
3306/tcp open mysql
4000/tcp open remoteanything
10000/tcp open snet-sensor-mgmt
Nmap run completed -- 1 IP address (1 host up) scanned in 2.534 seconds
pana root #
|
so everything works as expected;
so here i go testing it under telnet:
| Code: |
pana root # telnet localhost 106
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
200 pana poppassd v1.0 hello, who are you?
user testuser
200 your password please.
pass myoldpass
200 your new password please.
newpass mynewpass
200 Password changed, thank-you.
quit
200 Bye.
Connection closed by foreign host.
pana root #
ssh testuser@localhost
Enter password: mynewpass
Permission denied, please try again.
....
|
i dont know why it is not working this way, and, obviously doesnt work neither under squirrelmail :/
hope someone can give me a light of hope on thin one
and thanx lot for caring
_________________
please, help me, pity on me :'( |
|
| Back to top |
|
 |
TerminalAddict
Tux's lil' helper
Joined: 13 Feb 2003
Posts: 119
|
| Posted: Sun Jan 04, 2004 2:49 am Post subject: |
|
|
| bump |
|
| Back to top |
|
|
blum
n00b
Joined: 07 Jan 2004
Posts: 10
|
|
| Back to top |
|
|
cryos
Retired Dev
Joined: 08 Mar 2003
Posts: 242
Location: US
|
| Posted: Thu Jan 29, 2004 4:49 pm Post subject: |
|
|
| Just added my support for you blum! I tried poppassd_pam and it didn't work - same as you had described in the bug report. I then downloaded and installed poppassd-ceti and it works great. This should certainly replace poppassd_pam in portage. Thanks for posting your solution - did you make an ebuild for it? |
|
| Back to top |
|
|
cryos
Retired Dev
Joined: 08 Mar 2003
Posts: 242
Location: US
|
| Posted: Tue Feb 17, 2004 10:40 pm Post subject: |
|
|
I think this could be due to the recent upgrade of gcc, but I can no longer build poppassd-ceti  I get several errors, and wouldn't have a clue on how to fix them to be honest.
| Code: | gamma poppassd-1.8.4 # make
gcc poppassd.c -o poppassd -lpam -ldl -O2
In file included from poppassd.c:62:
/usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.2/include/varargs.h:4:2: #error "GCC no longer implements <varargs.h>."
/usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.2/include/varargs.h:5:2: #error "Revise your code to use <stdarg.h>."
poppassd.c: In function `WriteToClient':
poppassd.c:95: error: syntax error before "va_dcl"
poppassd.c:111: error: syntax error before "bzero"
poppassd.c:126: error: declaration for parameter `appdata_ptr' but no such parameter
poppassd.c:125: error: declaration for parameter `resp' but no such parameter
poppassd.c:124: error: declaration for parameter `msg' but no such parameter
poppassd.c:109: error: declaration for parameter `i' but no such parameter
poppassd.c:128: warning: declaration of `i' shadows a parameter
poppassd.c:129: error: `num_msg' undeclared (first use in this function)
poppassd.c:129: error: (Each undeclared identifier is reported only once
poppassd.c:129: error: for each function it appears in.)
poppassd.c:132: warning: `return' with a value, in function returning void
poppassd.c:135: warning: `return' with a value, in function returning void
poppassd.c:168: warning: `return' with a value, in function returning void
poppassd.c: At top level:
poppassd.c:172: error: `poppassd_conv' undeclared here (not in a function)
poppassd.c:172: error: initializer element is not constant
poppassd.c:172: error: (near initialization for `pam_conv.conv')
make: *** [poppassd] Error 1 |
|
|
| Back to top |
|
|
cryos
Retired Dev
Joined: 08 Mar 2003
Posts: 242
Location: US
|
| Posted: Wed Feb 18, 2004 10:48 pm Post subject: Fixed poppassd issues!!! |
|
|
Right - this one hasn't been easy. Should I file a bug report or not (as this poppassd isn't in portage)??? I now have it compiling under GCC 3.3.2 after getting it to use stdargs.h! Then it still didn't work Then I corrected the /etc/pam.d/poppassd entry after seeing the strace of a failed program run!  It is now working as expected, although I would appreciate anyone's advice on whether I have used the correct settings for the pam.d file 
| Code: |
palladium poppassd # diff poppassd.c.new poppassd.c
62c62
< #include <stdarg.h>
---
> #include <varargs.h>
93c93,95
< void WriteToClient (char *fmt, ...)
---
> void WriteToClient (fmt, va_alist)
> char *fmt;
> va_dcl
97c99
< va_start (ap, fmt);
---
> va_start (ap); |
And the new /etc/pam.d/poppassd,
| Code: |
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so ervice=system-auth
password required /lib/security/pam_cracklib.so retry=3
password required /lib/security/pam_stack.so service=system-auth
|
|
|
| Back to top |
|
|
merced
n00b
Joined: 23 Nov 2003
Posts: 24
|
| Posted: Tue Jun 22, 2004 7:02 pm Post subject: poppassd_pam ebuild works with modified /etc/pam.d/poppassd |
|
|
I utilized the /etc/pam.d/poppassd provided by cryos with the poppasswd_pam ebuild in portage and everything works fine.
I have a squirrelmail/Qmail system with users in /etc/passwd.
Anyone else care to post results using this or another method?
Anyone know if the /etc/pam.d/poppassd provided by cryos is the best way to accomplish this task?
_________________
Merced |
|
| Back to top |
|
|
cryos
Retired Dev
Joined: 08 Mar 2003
Posts: 242
Location: US
|
| Posted: Thu Jun 24, 2004 5:43 pm Post subject: |
|
|
| Hi merced - I can tell you that it has been working now without any problems. I had totally forgotten about it to be honest with you. Still not sure if the pam settings are ideal but they do work just fine, and I can't think of any major problems with them. I am still using the same poppassd-ceti as opposed to the pam package in portage which never worked right for me... |
|
| Back to top |
|
|
Patastrophe
n00b
Joined: 11 Sep 2003
Posts: 52
|
| Posted: Wed Dec 29, 2004 6:56 am Post subject: |
|
|
| I made some changes to my /etc/pam.d/poppassd file (just copied the settings for passwd) and it worked somwhat. Squirrelmail (through poppassd_pam) can change passwords just fine, but it doesn't reject bad passwords the same as it would if you were using passwd from the shell. I dont' want my users to be able to use "password" as a password, then come complaining to me when their email or website gets WTF pwned, not to mention puts the accounts of other users in jeopardy. Anyhow, if anybody has any suggestions please let me know. I'd greatly appreciate it. |
|
| Back to top |
|
|
|
Networking & Security
