******************************************************************************
System Manager's Notes: poppassd v2.1beta

*** Written by Joel Snyder under contract to Schlumberger
*** Donated to the Public Domain by Schlumberger (David Sims 'dpsims@slb.com')
*** Please give credit on any modifications or re-distributions
*** *Not* for re-sale

Installation Instructions
=========================

0- READ THROUGH THE SOURCE TO MAKE SURE THAT THIS DOES WHAT YOU WANT IT
   TO DO ! ! !

1- Compile and link it properly. To do that, create a .com file which
   contains the following:

        $ cc poppassd           (if you have DEC C, cc/vaxc)
        $ link poppassd,sys$input:/opt/notrace
        MULTINET:MULTINET_SOCKET_LIBRARY/SHARE
        SYS$SHARE:VAXCRTL/SHARE

2- Put it somewhere. I suggest you put this in your
   MULTINET_COMMON_ROOT:[MULTINET] directories, unless you have some
   place else where you keep images like this. To do that:

        $ copy poppassd.exe multinet_common_root:[multinet]

3- make Multinet know about it. To do that (assuming you stuck the file
   in multinet:poppassd.exe):

        $ multinet config/server
        SERVER-CONFIG>add poppassd
        [Adding new configuration entry for service "poppassd"]
        Protocol: [TCP]
        TCP Port number: 106
        Program to run: MULTINET:poppassd.EXE
        [Added service poppassd to configuration]
        [Selected service is now poppassd]
        SERVER-CONFIG>show/full
        Service "poppassd":
                TCP socket (AF_INET,SOCK_STREAM), Port 106
                Socket Options = SO_KEEPALIVE
                INIT() = TCP_Init
                LISTEN() = TCP_Listen
                CONNECTED() = TCP_Connected
                SERVICE() = Run_Program
                Program = "MULTINET:poppassd.EXE"
        SERVER-CONFIG>restart

Things you can customize
========================

POP Passwd's behavior can be changed using a variety of system-wide
logical names.

The poppassd_LOG_FILE logical name must be defined. It is currently
defined as 'poppassd.log'. Or you must define poppassd_DONT_LOG so that
poppassd won't write log files (not recommended).

poppassd_LOG_FILE
        This should be defined to point to the location where poppassd
        will log everything that happens. By default, (assuming that
        you have followed the other instructions and recommendations)
        this code will write the log as:
        MULTINET_COMMON_ROOT:[MULTINET]poppassd.log.

poppassd_DONT_LOG
        Normally, poppassd logs everything, both errors and successes,
        to a log file. This is usually a pretty good idea. However, if
        you do not want poppassd to leave any traces of what it has
        done (including attempted breakins!), then define this logical
        name and it will do no logging.

poppassd_DEBUG
        You normally would have no reason to define this. However, if
        you do, then poppassd will babble all sorts of interesting
        debugging information. Defining this logical does NOT introduce
        any security problems; all it does is increase the amount of
        logging to the screen which poppassd will do. If you define
        this logical name, then it is likely that Eudora will not be
        able to talk to poppassd.

poppassd_ANAL_MODE
        Normally, poppassd is pretty chatty with users about why it was
        unable to change their password. It will tell them if a
        particular username is valid, if they have given an incorrect
        password, or if there is a syntax error. Some sites may not
        like the idea of this much information being given out. If you
        define poppassd_ANAL_MODE, then poppassd is very tight-lipped
        about the error messages which it gives to the client. This
        does not affect the log files, though.

poppassd_IGNORE_LENGTH
        Normally, poppassd pays attention to the minimum length of
        password field in each user's UAF entry. If, for some very
        strange reason, you do NOT want poppassd to do this, then
        define this logical name. This is strongly discouraged!

poppassd_IGNORE_CAPTIVE
        Normally, poppassd will not allow users who have the CAPTIVE
        flag in their UAF entry to change their password. If you would
        like to allow these users to change their passwords, then
        define this logical name.

poppassd_IGNORE_DISUSER
        Normally, poppassd will not allow users who have the DISUSER
        flag in their UAF entry to change their password. If you would
        like to allow these users to change their passwords, then
        define this logical name. This is strongly discouraged!

poppassd_IGNORE_GENPWD
        Normally, poppassd will not allow users who have the GENPWD
        flag in their UAF entry to change their password. If you would
        like to allow these users to change their passwords, then
        define this logical name. This is strongly discouraged!

poppassd_IGNORE_LOCKPWD
        Normally, poppassd will not allow users who have the LOCKPWD
        flag in their UAF entry to change their password. If you would
        like to allow these users to change their passwords, then
        define this logical name. This is strongly discouraged!

poppassd_IGNORE_RESTRICTED
        Normally, poppassd will not allow users who have the RESTRICTED
        flag in their UAF entry to change their password. If you would
        like to allow these users to change their passwords, then
        define this logical name.

Internals of the protocol
=========================

Steve Dorner's description of the simple protocol:

        The server's responses should be like an FTP server's
        responses; 1xx for in progress, 2xx for success, 3xx for more
        information needed, 4xx for temporary failure, and 5xx for
        permanent failure. Putting it all together, here's a sample
        conversation:

        S: 200 hello\r\n
        E: user yourloginname\r\n
        S: 300 please send your password now\r\n
        E: pass yourcurrentpassword\r\n
        S: 200 My, that was tasty\r\n
        E: newpass yournewpassword\r\n
        S: 200 Happy to oblige\r\n
        E: quit\r\n
        S: 200 Bye-bye\r\n
        S:
        E:
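
Added example (not part of the original notes or of poppassd's source): a
client-side walk through the dialogue above that acts only on the first
digit of each reply, since the text varies and is terse under
poppassd_ANAL_MODE, and that masks both passwords in the record it keeps.
The names classify and change_password are hypothetical, and the reply
class expected at each step is an assumption taken from the sample
conversation.

```python
# Added example, not poppassd source. classify() and change_password() are
# hypothetical names; expected reply classes are taken from the sample dialogue.
CLASSES = {1: "in progress", 2: "success", 3: "more information needed",
           4: "temporary failure", 5: "permanent failure"}

def classify(line):
    """Split one server line into (code, class name, text)."""
    code, _, text = line.rstrip("\r\n").partition(" ")
    if len(code) != 3 or not code.isdigit() or int(code[0]) not in CLASSES:
        raise ValueError("malformed reply: %r" % line)
    return int(code), CLASSES[int(code[0])], text

def change_password(server_lines, user, old, new):
    """Walk the dialogue against scripted server lines.

    Returns (ok, sent): ok is True only if every step got the reply class
    the sample shows; sent lists the client lines with passwords masked,
    so the record can be logged.
    """
    replies = iter(server_lines)
    sent = []

    def got(wanted):
        line = next(replies, None)          # None: server went silent
        return line is not None and classify(line)[0] // 100 == wanted

    ok = got(2)                             # greeting
    steps = [("user", user, False, 3),      # 3xx: password wanted next
             ("pass", old, True, 2),
             ("newpass", new, True, 2)]
    for verb, arg, secret, wanted in steps:
        if not ok:
            break                           # not the expected class: stop here
        sent.append("%s %s" % (verb, "********" if secret else arg))
        ok = got(wanted)
    sent.append("quit")                     # close the session either way
    return ok, sent

# Constructed input: the server half of the sample conversation.
SAMPLE = ["200 hello\r\n", "300 please send your password now\r\n",
          "200 My, that was tasty\r\n", "200 Happy to oblige\r\n",
          "200 Bye-bye\r\n"]

if __name__ == "__main__":
    print(change_password(SAMPLE, "yourloginname", "old-secret", "new-secret"))
```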