# poppassd issues

## kpoman

hello

i am setting up my squirrelmail webmail stuff, and then i add change_pass plugin, which needs poppassd to e able to change some user password as requested.

so i seen i need to install poppassd;

i did it, then added it to my xinetd.conf as you may see:

```

pana root # cat /etc/services | grep 106

#3com-tsmux     106/tcp         poppassd

#3com-tsmux     106/udp         poppassd

#> Ports are used in the TCP [45,106] to name the ends of logical

poppassd        106/tcp                         # Eudora

poppassd        106/udp                         # Eudora

pana root # 

pana root # ll /etc/xinetd.d/

total 68

drwxr-xr-x    2 root     root         4096 Dec 15 23:50 .

drwxr-xr-x   75 root     root         4096 Dec 15 23:49 ..

-rw-r--r--    1 root     root          643 Dec 15 23:47 README.services

-rw-r--r--    1 root     root          246 Dec 15 23:47 chargen-tcp

-rw-r--r--    1 root     root          266 Dec 15 23:47 chargen-udp

-rw-r--r--    1 root     root          366 Nov 28 01:43 cups-lpd

-rw-r--r--    1 root     root          300 Dec  9 20:42 cvspserver

-rw-r--r--    1 root     root          246 Dec 15 23:47 daytime-tcp

-rw-r--r--    1 root     root          272 Dec 15 23:47 daytime-udp

-rw-r--r--    1 root     root          238 Dec 15 23:47 echo-tcp

-rw-r--r--    1 root     root          263 Dec 15 23:47 echo-udp

-r-x------    1 root     bin           168 Dec 15 23:50 poppassd

-rw-r--r--    1 root     root          238 Nov  6 17:02 pure-ftpd

-rw-r--r--    1 root     root          525 Nov 17 14:45 swat

-rw-r--r--    1 root     root          205 Aug 26 23:26 telnetd

-rw-r--r--    1 root     root          270 Dec 15 23:47 time-tcp

-rw-r--r--    1 root     root          272 Dec 15 23:47 time-udp

pana root # 

pana root # cat /etc/xinetd.d/poppassd 

service poppassd

{

        socket_type     = stream

        protocol        = tcp

        wait            = no

        user            = root

        server          = /usr/bin/poppassd

        disable         = no

}

pana root # 

pana root # nmap localhost

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2003-12-16 00:02 CET

Interesting ports on localhost (127.0.0.1):

(The 1640 ports scanned but not shown below are in state: closed)

PORT      STATE SERVICE

21/tcp    open  ftp

22/tcp    open  ssh

25/tcp    open  smtp

53/tcp    open  domain

80/tcp    open  http

106/tcp   open  pop3pw

111/tcp   open  rpcbind

139/tcp   open  netbios-ssn

143/tcp   open  imap

445/tcp   open  microsoft-ds

611/tcp   open  npmp-gui

618/tcp   open  unknown

953/tcp   open  rndc

3128/tcp  open  squid-http

3306/tcp  open  mysql

4000/tcp  open  remoteanything

10000/tcp open  snet-sensor-mgmt

Nmap run completed -- 1 IP address (1 host up) scanned in 2.534 seconds

pana root # 

```

so everything works as expected;

so here i go testing it under telnet:

```

pana root # telnet localhost 106

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

200 pana poppassd v1.0 hello, who are you?

user testuser

200 your password please.

pass myoldpass

200 your new password please.

newpass mynewpass

200 Password changed, thank-you.

quit

200 Bye.

Connection closed by foreign host.

pana root #

ssh testuser@localhost

Enter password: mynewpass

Permission denied, please try again.

....

```

i dont know why it is not working this way, and, obviously doesnt work neither under squirrelmail :/

hope someone can give me a light of hope on thin one

and thanx lot for caring

----------

## TerminalAddict

bump

----------

## blum

I had the same problem -> and so did others as explained at the botom of:

https://bugs.gentoo.org/show_bug.cgi?id=10283

I tried poppassd-ceti - get it at: http://freshmeat.net/projects/poppassd-ceti/?topic_id=150

It works fine. And it's easy to install.

I also postet a new bug: https://bugs.gentoo.org/show_bug.cgi?id=37434

So hopefully we will get a portage package that works.

----------

## cryos

Just added my support for you blum! I tried poppassd_pam and it didn't work - same as you had described in the bug report. I then downloaded and installed poppassd-ceti and it works great. This should certainly replace poppassd_pam in portage. Thanks for posting your solution - did you make an ebuild for it?

----------

## cryos

I think this could be due to the recent upgrade of gcc, but I can no longer build poppassd-ceti  :Sad:  I get several errors, and wouldn't have a clue on how to fix them to be honest.

```
gamma poppassd-1.8.4 # make

gcc  poppassd.c -o poppassd -lpam -ldl -O2

In file included from poppassd.c:62:

/usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.2/include/varargs.h:4:2: #error "GCC no longer implements <varargs.h>."

/usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.2/include/varargs.h:5:2: #error "Revise your code to use <stdarg.h>."

poppassd.c: In function `WriteToClient':

poppassd.c:95: error: syntax error before "va_dcl"

poppassd.c:111: error: syntax error before "bzero"

poppassd.c:126: error: declaration for parameter `appdata_ptr' but no such parameter

poppassd.c:125: error: declaration for parameter `resp' but no such parameter

poppassd.c:124: error: declaration for parameter `msg' but no such parameter

poppassd.c:109: error: declaration for parameter `i' but no such parameter

poppassd.c:128: warning: declaration of `i' shadows a parameter

poppassd.c:129: error: `num_msg' undeclared (first use in this function)

poppassd.c:129: error: (Each undeclared identifier is reported only once

poppassd.c:129: error: for each function it appears in.)

poppassd.c:132: warning: `return' with a value, in function returning void

poppassd.c:135: warning: `return' with a value, in function returning void

poppassd.c:168: warning: `return' with a value, in function returning void

poppassd.c: At top level:

poppassd.c:172: error: `poppassd_conv' undeclared here (not in a function)

poppassd.c:172: error: initializer element is not constant

poppassd.c:172: error: (near initialization for `pam_conv.conv')

make: *** [poppassd] Error 1
```

----------

## cryos

Right - this one hasn't been easy. Should I file a bug report or not (as this poppassd isn't in portage)??? I now have it compiling under GCC 3.3.2 after getting it to use stdargs.h! Then it still didn't work  :Sad:  Then I corrected the /etc/pam.d/poppassd entry after seeing the strace of a failed program run!  :Smile:   :Smile:   :Smile:  It is now working as expected, although I would appreciate anyone's advice on whether I have used the correct settings for the pam.d file   :Question: 

```

palladium poppassd # diff poppassd.c.new poppassd.c

62c62

< #include <stdarg.h>

---

> #include <varargs.h>

93c93,95

< void WriteToClient (char *fmt, ...)

---

> void WriteToClient (fmt, va_alist)

> char *fmt;

> va_dcl

97c99

<       va_start (ap, fmt);

---

>       va_start (ap);
```

And the new /etc/pam.d/poppassd,

```

auth          required        /lib/security/pam_stack.so service=system-auth

account       required        /lib/security/pam_stack.so ervice=system-auth

password      required        /lib/security/pam_cracklib.so retry=3

password      required        /lib/security/pam_stack.so service=system-auth

```

----------

## merced

I utilized the /etc/pam.d/poppassd provided by cryos with the poppasswd_pam ebuild in portage and everything works fine.

I have a squirrelmail/Qmail system with users in /etc/passwd.

Anyone else care to post results using this or another method?

Anyone know if the /etc/pam.d/poppassd provided by cryos is the best way to accomplish this task?

----------

## cryos

Hi merced - I can tell you that it has been working now without any problems. I had totally forgotten about it to be honest with you. Still not sure if the pam settings are ideal but they do work just fine, and I can't think of any major problems with them. I am still using the same poppassd-ceti as opposed to the pam package in portage which never worked right for me...

----------

## Patastrophe

I made some changes to my /etc/pam.d/poppassd file (just copied the settings for passwd) and it worked somwhat.  Squirrelmail (through poppassd_pam) can change passwords just fine, but it doesn't reject bad passwords the same as it would if you were using passwd from the shell.  I dont' want my users to be able to use "password" as a password, then come complaining to me when their email or website gets WTF pwned, not to mention puts the accounts of other users in jeopardy.  Anyhow, if anybody has any suggestions please let me know.  I'd greatly appreciate it.

----------

