POPPasswd
Version: 1.0
22-Dec-1992
Author: Charles Bailey
        bailey@genetics.upenn.edu

POPPasswd is a simple, single-threaded server designed to be used in conjunction with the IUPOP3 POP server for VMS, in order to allow users to change their passwords from within a POP client. It should run under VMS 5.4 or later (as well as earlier versions, with the modification described below), and under Wollongong's WIN/TCP, TGV's Multinet, or Digital's UCX TCP/IP packages. However, I have only tested it using VMS 5.4 and WIN/TCP, since that's all I have available.

This implementation follows the emerging standard for such servers as follows:

  - listens on TCP port 106 (by default) for incoming connections
  - once a connection is established, accepts the following commands:
      user {username}    - accepted at any time, identifies a user
      pass {password}    - accepted after 'user' to authenticate the user
      newpass {password} - accepted after 'pass' to change user's password
      quit               - accepted at any time; terminates a connection
  - responds to commands from the client with text prefixed by codes similar to those used by ftp servers:
      1xx - action in progress (not used in this implementation)
      2xx - action successful
      3xx - more information required
      4xx - nonfatal failure, connection maintained
      5xx - fatal failure, connection closed

Since the average connection from a client lasts less than 5 seconds, and since users change passwords relatively infrequently, a single-threaded server should be adequate in nearly any environment.

The server logs all transmitted and received messages, as well as additional relevant information, for each session. The parameters supplied with the 'pass' and 'newpass' commands are not logged for security reasons.

There are some traits which are specific to this implementation and which should be mentioned:

  - the server respects the SYSUAF LockPwd, PwdExpired, and GenPwd flags, and will not allow a user to change his or her password if any of these flags are set.
    It does not, however, pay attention to passwords which have expired due to age, since the whole point here is to change the password.
  - password hashing is done via sys$hash_password(), which first appears in VMS 5.4. If you're using an older version of VMS, you can replace this call with a call to the PWDEncrypt() routine provided with IUPOP3.
  - new passwords are hashed and written directly to SYSUAF. There is no support at present for password history lists or dictionaries.
  - the 'pass' command checks only the primary password; no provision is made for obtaining or checking a secondary password.
  - if the server is run as a standalone process, one additional command is available: 'shutdown'. This can be invoked only after a user is properly authenticated, and only if that user has WORLD privilege authorized in SYSUAF (i.e. if he or she could kill the process when logged in to the VMS host). It performs an orderly shutdown of the server, and is mostly a convenience; I've never run into any problems when the server process has died an untimely death.

The following compilation options are provided:

  NODE - node name which appears in the welcome message. Not used otherwise. (default = host's DNS name)

  POPPASSWD_PORT - TCP port for server (default=106)

  DETACHED - activity is logged to Sys$Output, rather than explicitly to a file. This is designed to allow the server to be run as a detached process with its output directed to a file. The Start_POPPasswd.Com and POPPasswd.Com DCL procedures provide an example of this. [They're taken almost verbatim from the analogous IUPOP3 procedures, in case that wasn't obvious.] (default=ON)

  INETSERV - communication with the client is done via reads from Sys$Input and writes to Sys$Output, rather than explicitly to a socket. This is designed to allow the server to be spawned by a TCP master server process, which manages the socket for each instance of the server.
    This is the quick and dirty way to a multithreaded server, but buys you a lot of overhead, since a new POPPasswd server process must be started for each connection. If you choose this option, be sure not to select the DETACHED option as well, or log messages will be sent to the client. You may also want to comment out some of the startup log messages, in order to reduce startup overhead and redundant messages somewhat. (default = OFF)

  LOGFNAME - the name of the file to which log messages are sent, if the DETACHED option is not defined. (default = POP_Root:[Log]POPPasswd.Log)

These options may be configured by changing the appropriate #defines in POPPasswd.h or on the CC command line, or via the DCL procedure Make_POPPasswd, which will prompt for the necessary values. By default, it will build a version which uses the first TCP/IP package it finds, and uses default settings as noted above.

If you have any questions or suggestions, or trip over any bugs, please let me know. I can't guarantee any fixes, but I'll try to help out. I hope you find this useful.

Legal Stuff:

Some portions of this software are derived from similar code included in the IUPOP3 server, copyright Indiana University. Original portions of this software are copyright 1992 by Charles Bailey. Permission is granted for reproduction and distribution of this software, as long as no fees are charged above that necessary to store and/or transmit the code, and as long as this notice is included. Permission is granted to modify this software, as long as any modifications are clearly marked in the source code.

This software is provided as is, without any warranty of any kind. The author, the University of Pennsylvania, and the Howard Hughes Medical Institute will not be responsible for any damages arising in connection with the use, actions, or failure of this software. YMMV.
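
Added example (not part of the original POPPasswd distribution): the command ordering and the logging rule from the protocol description above, written out in C. The state names, the log_safe() and step() functions, the cred_ok stand-in for the SYSUAF check, and the reply class chosen for each case (3xx after 'user', 5xx on a bad password, 4xx for out-of-order or unknown commands) are assumptions; the README specifies only the code classes.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum state { ST_START, ST_USER, ST_AUTH, ST_CLOSED };

/* Length of cmd if line starts with it (any case) as a whole word, else 0. */
static size_t is_cmd(const char *line, const char *cmd) {
    size_t n = strlen(cmd);
    if (strncasecmp(line, cmd, n) != 0) return 0;
    return (line[n] == '\0' || strchr(" \t\r\n", line[n])) ? n : 0;
}

/* Log form of a received line: the parameter of pass/newpass is dropped. */
void log_safe(const char *line, char *out, size_t outsz) {
    size_t n = is_cmd(line, "pass");
    if (!n) n = is_cmd(line, "newpass");
    if (n) snprintf(out, outsz, "%.*s <not logged>", (int)n, line);
    else   snprintf(out, outsz, "%.*s", (int)strcspn(line, "\r\n"), line);
}

/* Advance the session and return the reply class (2, 3, 4 or 5).
   cred_ok is a stand-in for the real SYSUAF check or update.
   Assumed mapping: user -> 3, bad password -> 5, out of order -> 4. */
int step(enum state *st, const char *line, int cred_ok) {
    if (is_cmd(line, "quit")) { *st = ST_CLOSED; return 2; }
    if (is_cmd(line, "user")) { *st = ST_USER; return 3; } /* drops any prior auth */
    if (is_cmd(line, "pass")) {
        if (*st != ST_USER) return 4;
        if (!cred_ok) { *st = ST_CLOSED; return 5; }
        *st = ST_AUTH;
        return 2;
    }
    if (is_cmd(line, "newpass"))
        return (*st == ST_AUTH && cred_ok) ? 2 : 4;
    return 4; /* unknown command */
}

int main(void) {
    /* Constructed session: newpass before pass must be refused. */
    const char *in[] = { "user alice\r\n", "newpass Early1\r\n",
                         "PASS old-secret\r\n", "newpass New-secret\r\n", "quit\r\n" };
    enum state st = ST_START;
    char buf[80];
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++) {
        log_safe(in[i], buf, sizeof buf);
        printf("recv: %-22s -> %dxx\n", buf, step(&st, in[i], 1));
    }
    return 0;
}
```

Because a second 'user' returns the session to the pre-authentication state, a password change is always applied to the account that was just authenticated.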