From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Fri, 05 Feb 2016 07:25:27 -0500 Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports --- plugins/password/README | 57 +++++++++++++++++++++++++++++++++++++++------------------ 1 files changed, 39 insertions(+), 18 deletions(-) diff --git a/plugins/password/README b/plugins/password/README index 89ffeb3..88cc849 100644 --- a/plugins/password/README +++ b/plugins/password/README @@ -44,7 +44,9 @@ 2.18. Samba (smb) 2.19. Vpopmail daemon (vpopmaild) 2.20. Plesk (Plesk RPC-API) + 2.21. Kpasswd 3. Driver API + 4. Sudo setup 1. Configuration @@ -301,6 +303,7 @@ Driver to change Samba user password via the 'smbpasswd' command. See config.inc.php.dist file for configuration description. + 2.19. Vpopmail daemon (vpopmaild) ----------------------------------- @@ -311,34 +314,52 @@ Set $config['password_vpopmaild_port'] to the port of vpopmaild. + Set $config['password_vpopmaild_timeout'] to the timeout used for the TCP + connection to vpopmaild (You may want to set it higher on busy servers). + 2.20. Plesk (Plesk RPC-API) --------------------------- - + Driver for changing Passwords via Plesk RPC-API. This Driver also works with Parallels Plesk Automation (PPA). - - You need to allow the IP of the Roundcube-Server for RPC-Calls in the Panel. - - - Set $config['password_plesk_host'] to the Hostname / IP where Plesk runs - - Set your Admin or RPC User: $config['password_plesk_user'] - - Set the Password of the User: $config['password_plesk_pass'] - - Set $config['password_plesk_rpc_port'] for the RPC-Port. Usually its 8443 - - Set the RPC-Path in $config['password_plesk_rpc_path']. Normally this is: enterprise/control/agent.php; - + You need to allow the IP of the Roundcube-Server for RPC-Calls in the Panel. + + Set $config['password_plesk_host'] to the Hostname / IP where Plesk runs + Set your Admin or RPC User: $config['password_plesk_user'] + Set the Password of the User: $config['password_plesk_pass'] + Set $config['password_plesk_rpc_port'] for the RPC-Port. Usually its 8443 + Set the RPC-Path in $config['password_plesk_rpc_path']. Normally this is: enterprise/control/agent.php. + + + 2.21. Kpasswd + ----------------------------------- + + Driver to change the password in Kerberos environments via the 'kpasswd' command. + See config.inc.php.dist file for configuration description. + 3. Driver API ------------- - Driver file (<driver_name>.php) must define 'password_save' function with - two arguments. First - current password, second - new password. Function - should return PASSWORD_SUCCESS on success or any of PASSWORD_CONNECT_ERROR, + Driver file (<driver_name>.php) must define rcube_<driver_name>_password class + with public save() method that has two arguments. First - current password, second - new password. + This method should return PASSWORD_SUCCESS on success or any of PASSWORD_CONNECT_ERROR, PASSWORD_CRYPT_ERROR, PASSWORD_ERROR when driver was unable to change password. Extended result (as a hash-array with 'message' and 'code' items) can be returned too. See existing drivers in drivers/ directory for examples. + + 4. Sudo setup + ------------- + + Some drivers that execute system commands (like chpasswd) require use of sudo command. + Here's a sample for CentOS 7: + + # cat <<END >/etc/sudoers.d/99-roundcubemail + apache ALL=NOPASSWD:/usr/sbin/chpasswd + Defaults:apache !requiretty + <<END + + Note: on different systems the username (here 'apache') may be different, e.g. www. + Note: on some systems the disabling tty line may not be needed. -- Gitblit v1.9.1