Poppassd-ceti
Poppassd-ceti is a Qualcomm password changer daemon with PAM support and several other improvements. This program is intended to be a secure way to change system passwords via the Web. Methods that involve calling SUID programs directly from the Web are especially avoided. Poppassd strictly isolates the Web interface from actual password manipulations. The program contains no known security bugs that could be reported since it was released several years ago. This version uses PAM, which means you can do anything PAM can. Currently, there are PAM modules for almost all known authentication methods available.
| Tags | Networking |
|---|
Recent releases
- 02 Dec 2004 12:26
Changes: This release compiles correctly under gcc 3.3 (stdarg/vararg problem).
- 19 Aug 2003 06:08
Changes: A bug in which PAM errors (like cracklib complaints) were not actually preventing the user from changing the password was fixed. Now, if cracklib reports a weak password, it won't be accepted. To return to the previous default behavior, remove cracklib from poppassd's PAM configuration.
- 04 Jul 2003 00:25
Changes: This version has changed the default PAM service name from "passwd" to "poppassd" and added some more cleanups to password and username length. Configuration hints were also added.
- 05 Jun 2002 17:36
Changes: Some cleanups in maximum username and password length checking, more verbose logging, and support for passwords with space inside.
- 25 Mar 2002 16:01
Changes: Cosmetic changes like updated documentation.
- All comments
Recent commentsRe: Download RPM and SRPM from here
Updated the .rpm for Centos4/RHEL4
www.samera.net/rpm (http://www.samera.net/rpm/)
Re: poppassd and pam_cracklib (or passwdqc)
> When using poppasswd-ceti (or other
> poppassd) the password enforcement rules
> normally seen are bypassed when using
> poppassd.
This isn't the case for me - in fact thats the only bit that does work - cracklib will reject 'bad' passwords, but at that point it segvs and I can't find why.
So a user trying to use a bad password gets an error back, a user with a good password just has the connection close and from Horde it reports the password sucessfully changed when infact popasswd seg faulted instead of actually making the change.
poppassd and pam_cracklib (or passwdqc)
When using poppasswd-ceti (or other poppassd) the password enforcement rules normally seen are bypassed when using poppassd. This is due to it being run as root. So, a single character change in a password is accepted, for example. This is probably well known, but I cannot find a work around.
Download RPM and SRPM from here
Hi,
I have build custom .rpm and src.rpm for poppassd
since 2002 here:
http://www.samera.net/rpm/ (http://www.samera.net/rpm/)
Oliver
Recent vulnerability in poppassd_pam (GLSA 200501-22)
On January 13. 2005 Gentoo released GLSA 200501-22 with description of vulnerability in poppassd_pam. Thanks to Tierry Carrez from Gentoo we clarified that this problem is NOT present in poppassd-ceti. The mentioned poppassd_pam is another project. If you are using poppassd-ceti from this page, you're safe.