UnixAuth Manual

Unixauth should ONLY be used if you have an existing mail server whose email accounts are in fact unix user accounts, it should not be used otherwise UNLESS you want to give your email users a shell account on your unix system.

Unixauth will only work if run as root. Thus the application using it i.e. SurgeMail needs to be setup to run as root before it can be used.

Configuration options

The configuration options below go in an unixauth.ini file which is located in the same directory as the unixauth binary OR in a directory specified by the -path command line option.

Setting Default
user_group <UID>
user_home /home
user_baseid 500
loglevel info
debug false
passwd_file /etc/passwd
shadow_file /etc/shadow
group_file /etc/group
noshadow false
changes_retries 10
crypt_type NORMAL
user_group:      The name of the group that new users are added to, <UID> is a
                 special case where a new group is created with the same name
                 as the user and a group id equal to the users uid if possible
                 otherwise gid is set to highest available gid.

user_home:       The base directory for user home directory creation, a home
                 directory called the users name (without any @domain.com,
                 if present) is created in this directory for every new user.

user_baseid:     The lowest new user uid, UnixAuth will find the first available
                 uid greater than all existing uid's and greater than this setting.

loglevel:        The amount of data to log, error logs only errors, info logs
                 errors and info, debug logs everything.

debug:           If set to "true" has same effect as "loglevel debug".

domain:          The domain name, if set this domain name is appended to all
                 usernames returned by all the commands. It is NOT appended to
                 usernames added to the passwd,shadow or group files.

passwd_file:     Password file to modify.

shadow_file:     Shadow file to modify, if you have shadow passwords and have
                 noshadow set to false.

group_file:      Group file to modify.

noshadow:        Turn shadow passwords off, shadow password support is only present
                 if the system supports it and if it does it may still be disabled
                 with this setting.

changes_process: The process to execute after changing the password and/or shadow files.
                 On freeBSD 4 you may want to set this to:
				   /usr/sbin/pwd_mkdb /etc/master.passwd
				 This will rebuild the pwd.db and spwd.db files.
crypt_type:      This setting allows you to tell unixauth to use a different crypting method,
                 valid settings are NORMAL,EXTENDED,MD5, and BLOWFISH.
				 Some values will not fn on some systems, unixauth will default back to the
				 next most likely method and try again, check the log for error messages.

Command Line Options

-path        Tells UnixAuth where to create it's logfile and where to find it's
             config file.

-debug       Sets the logging level to debug.

Supported Commands

Command Parameters
check <user> <pass>
lookup <user>
set <user> <pass>|(NULL) [label="value"]
del <user>
search <string> [-from n] [-max m]
check        Verifies user <user> has password <pass>, this command also
             returns the users uid and any information stored for them.

lookup       Verifies the existance of user <user> and returns uid and info
             as check command above does.

set          Add new user or modify an existing user. The special case (NULL)
             is used to modify a users info without re-setting the password.
             The optional info for a user can be anything provided then info
             label contains no spaces or quotes and the value contains no
             quotes. UnixAuth stores the info in a .unixauth_info file in the
             users home directory, which it creates.

del          Deletes a user, thier home directory and all files stored therein.

search       Returns a list of users matching the search <string>, the string
             may contain a * or ? wildcard, if it does the string is matched
             as if it was a wildcard string, otherwise a match is found only
             if the username contains the string.

version      Returns the version number.

help         Returns the above list of commands

quit         Ends session

exit         Ends session

Command Responses

A command will usually respond with a one line response, that response will
start with +OK or -ERR, example:
  +OK User test@domain.com created successfully
  -ERR Failed to create test@domain.com, could not lock password file

If a command wants to return more that one line as a response it will send
lines starting with +DATA before the final +OK or -ERR response, example:
  +DATA test@domain.com config 111
  +DATA test2@domain.com config 112
  +OK Search Complete 2 items found out of 80

If UnixAuth has a fatal error while trying to initialise then it will return
a -DEAD message like the following...
  -DEAD Failed to load config settings, access denied

If you have any questions about UnixAuth please don't hesitate to contact: