Unixauth should ONLY be used if you have an existing mail server whose email accounts are in fact unix user accounts. It should not be used otherwise UNLESS you want to give your email users a shell account on your unix system.
Unixauth will only work if run as root. Thus the application using it, i.e. SurgeMail, needs to be set up to run as root before it can be used.
The configuration options below go in a unixauth.ini file, which is located in the same directory as the unixauth binary OR in a directory specified by the -path command line option.
Setting | Default |
---|---|
user_group | <UID> |
user_home | /home |
user_baseid | 500 |
loglevel | info |
debug | false |
domain | |
passwd_file | /etc/passwd |
shadow_file | /etc/shadow |
group_file | /etc/group |
noshadow | false |
changes_process | |
changes_retries | 10 |
crypt_type | NORMAL |

user_group: The name of the group that new users are added to. <UID> is a special case where a new group is created with the same name as the user and a group id equal to the user's uid if possible; otherwise the gid is set to the highest available gid.

user_home: The base directory for user home directory creation. A home directory named after the user (without any @domain.com, if present) is created in this directory for every new user.

user_baseid: The lowest new user uid. UnixAuth will find the first available uid greater than all existing uids and greater than this setting.

loglevel: The amount of data to log. error logs only errors, info logs errors and info, debug logs everything.

debug: If set to "true", has the same effect as "loglevel debug".

domain: The domain name. If set, this domain name is appended to all usernames returned by all the commands. It is NOT appended to usernames added to the passwd, shadow or group files.

passwd_file: Password file to modify.

shadow_file: Shadow file to modify, if you have shadow passwords and have noshadow set to false.

group_file: Group file to modify.

noshadow: Turn shadow passwords off. Shadow password support is only present if the system supports it, and if it does it may still be disabled with this setting.

changes_process: The process to execute after changing the password and/or shadow files. On FreeBSD 4 you may want to set this to:

    /usr/sbin/pwd_mkdb /etc/master.passwd

This will rebuild the pwd.db and spwd.db files.

crypt_type: This setting allows you to tell unixauth to use a different crypting method. Valid settings are NORMAL, EXTENDED, MD5 and BLOWFISH. Some values will not function on some systems; unixauth will default back to the next most likely method and try again. Check the log for error messages.

-path Tells UnixAuth where to create its logfile and where to find its config file.

-debug Sets the logging level to debug.

Command | Parameters |
---|---|
check | <user> <pass> |
lookup | <user> |
set | <user> <pass>\|(NULL) [label="value"] |
del | <user> |
search | <string> [-from n] [-max m] |
version | |
help | |
quit | |
exit | |

check: Verifies that user <user> has password <pass>. This command also returns the user's uid and any information stored for them.

lookup: Verifies the existence of user <user> and returns uid and info as the check command above does.

set: Adds a new user or modifies an existing user. The special case (NULL) is used to modify a user's info without re-setting the password. The optional info for a user can be anything, provided the info label contains no spaces or quotes and the value contains no quotes. UnixAuth stores the info in a .unixauth_info file in the user's home directory, which it creates.

del: Deletes a user, their home directory and all files stored therein.

search: Returns a list of users matching the search <string>. The string may contain a * or ? wildcard; if it does, the string is matched as a wildcard string, otherwise a match is found only if the username contains the string.

version: Returns the version number.

help: Returns the above list of commands.

quit: Ends the session.

exit: Ends the session.

A command will usually respond with a one line response. That response will start with +OK or -ERR, for example:

    +OK User test@domain.com created successfully
    -ERR Failed to create test@domain.com, could not lock password file

If a command wants to return more than one line as a response, it will send lines starting with +DATA before the final +OK or -ERR response, for example:

    +DATA test@domain.com config 111
    +DATA test2@domain.com config 112
    +OK Search Complete 2 items found out of 80

If UnixAuth has a fatal error while trying to initialise, it will return a -DEAD message like the following:

    -DEAD Failed to load config settings, access denied

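The reply format and the `set` parameter rules described above, as an added Python example (not NetWin's code): `parse_response` reads one reply including any +DATA lines, and `build_set` refuses values that would break the one-line command. The function names are hypothetical, and it is an assumption here that parameters are separated by single spaces, so spaces and control characters in the user name or password are rejected.

```python
class UnixAuthDead(Exception):
    """UnixAuth sent -DEAD: it failed to initialise."""

def parse_response(lines):
    """Read one reply from an iterable of lines: (ok, message, data_lines)."""
    data = []
    for raw in lines:
        tag, _, rest = raw.rstrip("\r\n").partition(" ")
        if tag == "+DATA":
            data.append(rest)      # zero or more lines before the final status
        elif tag in ("+OK", "-ERR"):
            return tag == "+OK", rest, data
        elif tag == "-DEAD":
            raise UnixAuthDead(rest)
        else:
            raise ValueError("unexpected reply line: %r" % raw)
    raise ValueError("reply ended without +OK or -ERR")

def _has(s, banned):
    """True if s holds a control character or any character in banned."""
    return any(ord(c) < 32 or ord(c) == 127 or c in banned for c in s)

def build_set(user, password=None, info=None):
    """Build one `set` line; password=None sends (NULL) to keep the password."""
    # Assumption: parameters are space-delimited, so a space or line break
    # in user/password would shift fields or start a second command.
    if not user or _has(user, " "):
        raise ValueError("invalid user name")
    if password is None:
        password = "(NULL)"
    elif not password or password == "(NULL)" or _has(password, " "):
        # A literal "(NULL)" password would be read as "leave unchanged".
        raise ValueError("invalid password")
    parts = ["set", user, password]
    for label, value in (info or {}).items():
        # Page rule: label has no spaces or quotes, value has no quotes.
        if not label or _has(label, " \"'") or _has(value, "\"'"):
            raise ValueError("invalid info %r" % label)
        parts.append('%s="%s"' % (label, value))
    return " ".join(parts)

if __name__ == "__main__":
    # Reply lines copied from the examples on this page.
    reply = ["+DATA test@domain.com config 111",
             "+DATA test2@domain.com config 112",
             "+OK Search Complete 2 items found out of 80"]
    print(parse_response(reply))
    print(build_set("test", None, {"quota": "10 MB"}))  # constructed info pair
```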
If you have any questions about UnixAuth please don't hesitate to contact: support-netauth@netwinsite.com