Provided by: courierpassd_1.1.2-3_amd64 bug

NAME
       courierpassd - change passwords from across the network using the Courier authentication library


SYNOPSIS
       courierpassd [-hV] [-s SERVICE] [--stderr]

       courierpassd -s, --service SERVICE

       courierpassd --stderr

       courierpassd -h, --help

       courierpassd -V, --version


DESCRIPTION
       courierpassd   allows   users  to  change  their  passwords  from  remote  locations  using  the  Courier
       authentication library. Usernames can be up to 64 characters long  while  passwords  can  be  up  to  128
       characters long.

       courierpassd   uses  the  poppassd  protocol  for  obtaining  authentication  tokens  from  the  network.
       courierpassd is intended to be run from a super-server such as tcpserver or xinetd.

       The service specified by the -s switch will depend on the particular  authentication  modules  installed.
       Often  'login' will be appropriate but other possibilities include 'imap' and 'pop3'. This value defaults
       to 'login'. See the Courier documentation for a further explanation of this switch.

       The minimum uid that courierpassd will attempt to change a password for can be set at compile time  using
       the  configure option --with-minuid.  courierpassd will refuse to change the password of a user whose uid
       is below this value. The default value is 100. This value should never be set to 0 as  this  would  allow
       root's password to be changed from a remote location.

       A second configure option, --with-badpassdelay, can be used to set the delay in seconds that courierpassd
       sleeps  after  an  unsuccessful  password  change  attempt.  This feature is designed to make brute force
       attacks against passwords harder to perform. The default value is 3.


LOGGING
       Logging is done to syslog by default or to stderr if the --stderr switch is used.  courierpassd logs  all
       password change attempts whether they are successful or not.

       courierpassd  does  certain  checks on command line arguments so it is important to put --stderr first in
       the argument list if it is to be used in order for these checks to be logged properly.


EXAMPLE CLIENT-SERVER CONVERSATION
       All messages passed between server and client are text based allowing  a  client  session  to  be  easily
       mimicked with telnet. Using telnet, changing a user's password would look like this:

            Connected to localhost.localdomain (127.0.0.1).
            Escape character is '^]'.
            200 courierpassd 1.1.2 hello, who are you?\r\n
            user <username>\r\n
            200 Your password please.\r\n
            pass <current password>
            200 Your new password please.\r\n
            newpass <new password>\r\n
            200 Password changed, thank-you.\r\n
            quit\r\n
            200 Bye.\r\n
            Connection closed by foreign host.


BUGS
       If you've found a bug in courierpassd, please report it to freeware@arda.homeunix.net


SEE ALSO
       http://www.courier-mta.org/authlib/

       http://echelon.pl/pubs/poppassd.html


AUTHOR
       courierpassd was written by Andrew St. Jean

       Courier authentication library was written by Sam Varshavchik

       poppassd  was written by Pawel Krawczyk based on an ealier version written by John Norstad, Roy Smith and
       Daniel L. Leavitt

GNU/Linux                                          20 Jan 2005                                   COURIERPASSD(8)