DESCRIPTION

poppassd runs from inetd and listens on TCP port 106 by default. Its sole purpose in life is to engage in short FTP-like conversations from client applications and execute (or deny) remote password changes via the PAM facilities configured in /etc/pam.d/poppassd. The conversation looks something like this:

  • 200 poppassd v1.8.4 hello, who are you?

    user adconrad

    200 Your password please.

    pass foo

    200 Your new password please.

    newpass bar

    200 Password changed, thank-you.

    quit

    200 Bye.

As can be seen from the example above, unencrypted passwords are transmitted over the network. Because of this, it is recommended that you use this daemon only for local loopback password changing (for instance, from Perl, Python, or PHP web applications on the same server) and block all non-local access to port 106, either via tcpwrappers (/etc/hosts.deny) or with appropriate firewall rules.

If sending unencrypted passwords over the wire doesn't bug you terribly much (as in the case of an ISP with hundreds of POP3 mail accounts), this daemon can provide a simple way for some of your clients (those running mail clients that actually support this protocol) to easily change their passwords.

FILES

/etc/pam.d/poppassd

Contains the PAM configuration for poppassd. By default on Debian, it merely includes the common-auth and common-password files, which should work in most cases. If this doesn't cut it for your site, tailor to suit.

RELATED TO poppassd…

pam(7), inetd(8), hosts.deny(5)

AUTHOR

This manual page was written by Adam Conrad <[email protected]> for the Debian operating system.