Uncategorized

Mac OS X Server + SquirrelMail: Changing user passwords

SquirrelMail does not come with the ability to chang user passwords. This is becaus SM is just a PHP based mail client and has nothing to do with the authentication server. Password authentication is done differently on Linux, Mac OS X, and Windows, so there is no default password changing feature. Luckily, SM accepts plugin modules.

Individuals have come up with password changing modules that interface with LDAP, Merak, MySQL, PAM (poppassd), Courier (courierpassd), Cyrus, and the UNIX shadow password file.

Unfortunately, there is no plug-in available for CGP’s PWD. 

***Update***
Now there is a easy hack to make the Change_passwd plugin module work with Mac OS X’s authentication server.

***Update 4/22/2008***

For Mac OS X servers v. 10.2.x~10.3.x, you can use an open source API called “dspasswd” to interface SM/Change_passwd to the Open Directory password service. For 10.4.x, Apple has included an API called “pwpolicy” that works very well. For this example, we’ll use pwpolicy on 10.4.x.

0. You will need the appropriate version of the Compatibility plugin already installed.
1. Download the version of the “Change_passwd” plugin for your version of SM.
2. Unzip the change_passwd directory into the SM/plugins directory.


gzip -xzfr change_passwd_x.tar.gz

3. Open the change_passwd directory. Copy config.php.sample to config.php.


cd change_passwd
cp config.php.sample config.php

3. Edit config.php to point the plugin to the pwpolicy API:


$overridePathToChpasswd = '/usr/bin/pwpolicy';

4. Edit options.php. Find and comment out:


// $cmd = "$overridePathToChpasswd $safe_user $safe_oldpw $safe_newpw";

Add right after:


$cmd = "$overridePathToChpasswd -a $safe_user -p $safe_oldpw -u $safe_user -setpassword $safe_newpw";

5. In v.4.0 of the plugin, there is a typo in functions.php:


compatibility_check_plugin_setup('change_passwd', array('config.php'));

should be:


check_plugin_setup('change_passwd', array('config.php'));

6. In v.4.0 of the plugin, there is a typo in options.php, line 64:


textdomain('empty_folders');

should be:


textdomain('change_passwd');

7. Run SM the configure tool:


cd /usr/share/squirrelmail
./configure

8. Turn on the change_passwd plugin.

The plugin will now be available under the Options menu through the webmail interface. Try it out.

***Update 11/07/2008***

To use the change_passwd plug-in, you also need the compatibillity plug-in. The last update to the change_passwd plug-in was in 2004 when the the compatibility plug-in was on version 1.3.

Alas, the change_passwd plug-in does not work with the newest compatibility plug-in. So far, I have confirmed that the compatibilty plugin works up to 2.0.2.

I suspect this is because the location of the compatibility patch was change in 2.0.3.

***Update 12/29/2008***

A beta version of the Change Password plugin is available at:
http://archive.netbsd.se/view_attachment.php?id=1688097.8505

The beta version 4.2-1.2.8 released on 12/07/05 includes switches for ‘pwpolicy’ in the config.php file and does not require any changes in functions.php or options.php.

I have confirmed that change_passwd v.4.2b-1.2.8r120705 works with the compatibility plugin 2.0.13.

Leave a Reply