[sork] sasldb passwd change driver

Kash Badami kash at iplicity.com
Thu Jul 31 07:15:52 PDT 2003


Hello everyone,

I had a need to develop a password change driver for sasldb in the
passwd module. We use cyrus with sasldb at my company. I am attaching
the code for the driver as well as backends.php to work with the driver.

The driver uses the external program saslpasswd2 to update passwords in
sasldb. If you folks need help configuring it, send me an email. If you
think it worthy to include in the drivers for the passwd module feel
free to do so.

The driver also expects apache to be able to run saslpasswd2. By default
only root can do so in most *NIX environments as well as Linux. Not sure
about Windows. So to solve this, some entries are needed in the
/etc/sudoers file. I have apache run saslpasswd2 via sudo for security
purposes. I have also provided an example sudoers file to help with
configuration.

I have yet to put in some additional error checking to identify issues
that may occur when saslpasswd2 is called from the driver. I will do so
shortly and provide an update.

Regards,
Kash
-------------- next part --------------
A non-text attachment was scrubbed...
Name: backends.php
Type: application/x-php
Size: 7057 bytes
Desc: not available
Url : http://lists.horde.org/archives/sork/attachments/20030731/b81926b3/backends.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sasldb.php
Type: application/x-php
Size: 1945 bytes
Desc: not available
Url : http://lists.horde.org/archives/sork/attachments/20030731/b81926b3/sasldb.bin
-------------- next part --------------
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification
User_Alias	NOAUTHENTICATE = apache
User_Alias	NOLECTURE = apache
# Cmnd alias specification
Cmnd_Alias SASLPASSWD2=/usr/sbin/saslpasswd2 -p [A-z]*
# Defaults specification
Defaults:NOLECTURE	!lecture
Defaults:apache		!authenticate
# User privilege specification
root	ALL=(ALL) ALL
apache ALL=SASLPASSWD2 
# Uncomment to allow people in group wheel to run all commands
# %wheel	ALL=(ALL)	ALL

# Same thing without a password
# %wheel	ALL=(ALL)	NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
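
An added example, not part of the original post or its attachments: sudoers matches command arguments as one space-joined string using shell-style wildcards, so the `-p [A-z]*` pattern in the Cmnd_Alias above can be checked against sample invocations before relying on it. The sample argument lists and the stricter username rule are assumptions made for illustration; Python's fnmatch stands in for sudo's fnmatch(3) matching with ASCII ordering.

```python
import re
from fnmatch import fnmatchcase

# Argument part of the posted Cmnd_Alias (the text after /usr/sbin/saslpasswd2).
POSTED_ARGS_PATTERN = "-p [A-z]*"

# Hypothetical stricter username rule for a wrapper; not from the post.
STRICT_USERNAME = re.compile(r"[A-Za-z][A-Za-z0-9._-]{0,63}\Z")


def sudoers_allows(argv):
    """Model sudoers matching: join the arguments with spaces, then glob-match."""
    return fnmatchcase(" ".join(argv), POSTED_ARGS_PATTERN)


def strict_allows(argv):
    """Accept exactly '-p <username>' with a conservative username."""
    return (len(argv) == 2 and argv[0] == "-p"
            and STRICT_USERNAME.match(argv[1]) is not None)


# Constructed sample invocations (arguments only).
SAMPLES = [
    ["-p", "alice"],                       # the intended call
    ["-p", "alice", "-u", "example.org"],  # '*' matches across word boundaries
    ["-p", "_svc"],                        # [A-z] also covers [ \ ] ^ _ and `
    ["-p", "9lives"],                      # digit first: rejected by both
    ["-c", "alice"],                       # different option: rejected by both
]


def audit(samples=SAMPLES):
    """Return (args, allowed by posted rule, allowed by strict check) per sample."""
    return [(" ".join(a), sudoers_allows(a), strict_allows(a)) for a in samples]


if __name__ == "__main__":
    for args, posted, strict in audit():
        print(f"{args!r:32} posted rule: {posted!s:5}  strict check: {strict}")
```

Rows where the posted rule says True and the strict check says False are invocations the sudoers entry permits beyond the single `-p <username>` call the driver needs.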