
/passwd/config/backends.php

https://github.com/wrobel/horde
<?php
/**
 * This file provides defaults for backends people use to change their
 * passwords.
 *
 * IMPORTANT: DO NOT EDIT THIS FILE!
 * Local overrides MUST be placed in backends.local.php or backends.d/.
 * If the 'vhosts' setting has been enabled in Horde's configuration, you can
 * use backends-servername.php.
 *
 * There are a number of properties that you can set for each backend:
 *
 * name: This is the plaintext, English name that you want displayed to people
 *       if you are using the drop down server list.  Also displayed on the
 *       main page (input form).
 *
 * policy: The password policies for this backend. You are responsible for the
 *         sanity checks of these options. Options are:
 *
 *         minLength:   Minimum length of the password
 *         maxLength:   Maximum length of the password
 *         maxSpace:    Maximum number of white space characters
 *
 *         The following are the types of characters required in a password.
 *         Either specific characters, character classes, or both can be
 *         required.  Specific types are:
 *
 *         minUpper:    Minimum number of uppercase characters
 *         minLower:    Minimum number of lowercase characters
 *         minNumeric:  Minimum number of numeric characters (0-9)
 *         minAlphaNum: Minimum number of alphanumeric characters
 *         minAlpha:    Minimum number of alphabetic characters
 *         minSymbol:   Minimum number of symbol characters
 *
 *         Alternatively (or in addition), a minimum number of character
 *         classes can be configured by setting the following.  Between 0 and
 *         4 character classes may be required for a password.  The classes
 *         are: 'upper', 'lower', 'number', and 'symbol'.  For example:
 *         A password of 'p@ssw0rd' satisfies three classes ('number', 'lower',
 *         and 'symbol'), while 'passw0rd' only satisfies two classes ('lower'
 *         and 'number').
 *
 *         minClasses: Minimum number (0 through 4) of character classes.
 *
 * driver: The Passwd driver used to change the password. Valid values are
 *         currently:
 *
 *              horde:      Change the password via the configured horde
 *                          authentication driver
 *              ldap:       Change the password on a ldap server
 *              smbldap:    Change the password on a ldap server for both
 *                          ldap and samba auth
 *              sql:        Change the password for sql authentication
 *                          (exim, pam_mysql, horde)
 *              poppassd:   Change the password via a poppassd server
 *              smbpasswd:  Change the password via the smbpasswd command
 *              expect:     Change the password via an expect script
 *              vmailmgr:   Change the password via a local vmailmgr daemon
 *              vpopmail:   Change the password for sql based vpopmail
 *              servuftp:   Change the password via a servuftp server
 *              pine:       Change the password in a Pine-encoded file
 *              composite:  Allows you to chain multiple drivers together
 *
 * no_reset: Do not reset the authenticated user's credentials on success.
 *
 * params: A params array containing any additional information that the Passwd
 *         driver needs.
 *
 *         The following is a list of the encryption/hashing methods
 *         supported by Passwd.
 *
 *         1) plain
 *         2) aprmd5
 *         3) crypt or crypt-des
 *         4) crypt-blowfish
 *         5) crypt-md5
 *         6) crypt-sha256
 *         7) crypt-sha512
 *         8) md5-base64
 *         9) md5-hex
 *        10) msad
 *        11) sha or sha1
 *        12) sha256 or ssha256
 *        13) smd5
 *        14) ssha
 *
 *         These methods differ widely in strength: 'plain' stores the
 *         password unhashed, and the unsalted md5/sha variants are cheap to
 *         attack offline.  Where the backend allows it, prefer a salted
 *         method from the list above.
 *
 *         md5 passwords have caused some problems in the past because there
 *         are different definitions of what is a "md5 password".  Systems
 *         implement them in a different manner.  If you are using OpenLDAP as
 *         your backend or have migrated your passwords from your OS based
 *         passwd file, you will need to use the md5-base64 hashing method.  If
 *         you are using a SQL database or used the PHP md5() method to create
 *         your passwords, you will need to use the md5-hex hashing method.
 *
 * preferred: This is only useful if you want to use the same backends.php file
 *            for different machines: if the hostname of the Passwd machine is
 *            identical to one of those in the preferred list, then the
 *            corresponding option in the select box will include SELECTED,
 *            i.e. it is selected by default. Otherwise the first entry in the
 *            list is selected.
 *
 * show_encryption: If you are using the ldap, sql or vpopmail backends you
 *                  have the choice whether or not to store the encryption type
 *                  with the password. If you are using for example an SQL
 *                  based PAM you will most likely not want to store the
 *                  encryption type as it would cause PAM to never match the
 *                  passwords.
 */

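// Changes the password through whichever authentication driver Horde itself
// is configured with ('driver' => 'Horde'). Disabled by default.
$backends['hordeauth'] = array(
    'disabled' => true,
    'name' => 'Horde Authentication',
    'preferred' => '',
    // Shipped default policy: at least 6 characters, one of them numeric.
    // This is a low floor; tighten it in backends.local.php if your password
    // standard asks for more.
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Horde',
);
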
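// Changes passwords directly in Horde's SQL user table. This is the only
// backend in this file that ships enabled ('disabled' => false), so review
// its policy and hash settings before deploying.
$backends['hordesql'] = array(
    'disabled' => false,
    'name' => 'Horde SQL Authentication',
    'preferred' => '',
    // Shipped default policy: at least 6 characters, one of them numeric.
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Sql',
    // Connection settings are taken from Horde's global SQL configuration;
    // the keys below are merged on top of them (with array_merge, later
    // values win for duplicate string keys).
    'params' => array_merge(
        $GLOBALS['conf']['sql'],
        array(
            'table' => 'horde_users',
            'user_col' => 'user_uid',
            'pass_col' => 'user_pass',
            'show_encryption' => false,
            // The hash method is inherited from the Horde auth driver
            // parameters, presumably so that new hashes match what the login
            // code expects.
            // NOTE(review): this key is read without an isset() guard --
            // confirm it is always defined when this backend is enabled.
            'encryption' => $GLOBALS['conf']['auth']['params']['encryption'],
        )
    ),
);
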
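// Changes the password by talking to a poppassd daemon.
// The poppassd protocol carries the old and the new password as clear text,
// so keep 'host' on loopback (the default here) or on a protected link.
$backends['poppassd'] = array(
    'disabled' => true,
    'name' => 'Poppassd Server',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Poppassd',
    'params' => array(
        'host' => 'localhost',
        'port' => 106,
    ),
);
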
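// Changes the password through a Serv-U FTP server.
// NOTE(review): the default port (106) is the same one the poppassd backend
// uses; confirm the transport is protected before pointing 'host' at anything
// other than localhost.
$backends['servuftp'] = array(
    'disabled' => true,
    'name' => 'Serv-U FTP Server',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Servuftp',
    'params' => array(
        'host' => 'localhost',
        'port' => 106,
        // Connection timeout; presumably in seconds -- confirm in the driver.
        'timeout' => 30,
    ),
);
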
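// Changes the password by running an expect script.
//
// Security notes on the sample 'params' string:
//  - '-telnet' selects a clear-text login transport; that is only reasonable
//    against localhost, as configured here.
//  - '-output /tmp/passwd.log' writes to a fixed file name in a shared,
//    world-writable directory. NOTE(review): confirm what the script logs and
//    point this at a private location (or drop the option) in production.
//
// NOTE(review): this entry references scripts/passwd-expect while the
// 'sudo_expect' entry references scripts/passwd_expect -- confirm which file
// name actually exists.
$backends['expect'] = array(
    'disabled' => true,
    'name' => 'Expect Script',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Expect',
    'params' => array(
        'program' => '/usr/bin/expect',
        'script' => PASSWD_BASE . '/scripts/passwd-expect',
        'params' => '-telnet -host localhost -output /tmp/passwd.log',
    ),
);
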
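// Runs the expect script through the generic Procopen driver with '-sudo'.
//
// 'program' is a single command string (interpreter, script path and
// arguments concatenated), so keep it free of any user-controlled data.
// NOTE(review): '-sudo' presumably makes the script change the password via
// sudo; if so, the sudoers rule for the web server user should allow exactly
// the command it needs and nothing broader -- confirm against the script.
// NOTE(review): the script is named passwd_expect here but passwd-expect in
// the 'expect' entry -- confirm which file name actually exists.
$backends['sudo_expect'] = array(
    'disabled' => true,
    'name' => 'Expect with Sudo Script',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Procopen',
    'params' => array(
        'program' => '/usr/bin/expect '
            . PASSWD_BASE . '/scripts/passwd_expect -sudo',
    ),
);
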
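// Changes the Samba password by invoking the smbpasswd command.
$backends['smbpasswd'] = array(
    'disabled' => true,
    'name' => 'Samba Server',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Smbpasswd',
    'params' => array(
        // Absolute path, so the binary is not resolved through $PATH.
        'program' => '/usr/bin/smbpasswd',
        // NOTE(review): presumably the Samba server the command is pointed
        // at -- confirm in the driver before using a remote host.
        'host' => 'localhost',
    ),
);
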
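// NOTE: to set the ldap userdn, see horde/config/hooks.php
//
// No admin DN is configured here (compare 'ldapadmin'), so the change is
// presumably made with the user's own bind -- confirm against the driver.
$backends['ldap'] = array(
    'disabled' => true,
    'name' => 'LDAP Server',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Ldap',
    'params' => array(
        'host' => 'localhost',
        'port' => 389,
        'basedn' => 'o=example.com',
        // LDAP object key attribute.
        'uid' => 'uid',
        // The attribute storing the password.
        'attribute' => 'userPassword',
        // These attributes will enable shadow password policies.
        // 'shadowlastchange' => 'shadowLastChange',
        // 'shadowmin' => 'shadowMin',
        // This will be appended to the username when looking for the userdn.
        'realm' => '',
        // Use this filter when searching for the user's DN.
        'filter' => '',
        // Hash method to use when storing the password.
        // The file header lists 'crypt' together with crypt-des; traditional
        // DES crypt only considers the first 8 characters of a password, so
        // pick a stronger method from that list if the directory supports it.
        'encryption' => 'crypt',
        // Whether to enable TLS for this LDAP connection
        // Note: make sure that the host matches cn in the server certificate.
        // With TLS off on port 389 the bind and the new password travel
        // unencrypted; enable it for any host other than loopback.
        'tls' => false,
    ),
);
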
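// NOTE: to set the ldap userdn, see horde/config/hooks.php
//
// Same as the 'ldap' entry, but with an administrative bind DN and password.
// Because this entry holds a privileged credential:
//  - replace the placeholder in a local override file, never in this file;
//  - keep that override readable only by the web server user;
//  - give the admin DN no more than write access to the password attribute.
$backends['ldapadmin'] = array(
    'disabled' => true,
    'name' => 'LDAP Server with Admin Bindings',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Ldap',
    'params' => array(
        'host' => 'localhost',
        'port' => 389,
        'basedn' => 'o=example.com',
        'admindn' => 'cn=admin,o=example.com',
        // Placeholder value; must be overridden before enabling.
        'adminpw' => 'somepassword',
        // LDAP object key attribute.
        'uid' => 'uid',
        // The attribute storing the password.
        'attribute' => 'userPassword',
        // These attributes will enable shadow password policies.
        // 'shadowlastchange' => 'shadowLastChange',
        // 'shadowmin' => 'shadowMin',
        // This will be appended to the username when looking for the userdn.
        'realm' => '',
        // Use this filter when searching for the user's DN.
        'filter' => '',
        // Hash method to use when storing the password.
        // The file header lists 'crypt' together with crypt-des; traditional
        // DES crypt only considers the first 8 characters of a password.
        'encryption' => 'crypt',
        // If set, should be 0 or 1. See the LDAP documentation about the
        // corresponding parameter REFERRALS.
        // Windows 2003 Server requires this parameter to be set to 0.
        // 'referrals' => 0,
        // Whether to enable TLS for this LDAP connection
        // Note: make sure that the host matches cn in the server certificate.
        // With TLS off, the admin bind password above is sent unencrypted as
        // well; enable it for any host other than loopback.
        'tls' => false,
    ),
);
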
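// NOTE: to set the ldap userdn, see horde/config/hooks.php
// NOTE: to make this work with the samba 2.x schema you must change
// lm_attribute and nt_attribute
//
// Updates the LDAP password and the Samba password attributes together.
$backends['smbldap'] = array(
    'disabled' => true,
    'name' => 'Samba/LDAP Server',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Smbldap',
    'params' => array(
        'host' => 'localhost',
        'port' => 389,
        'basedn' => 'o=example.com',
        // LDAP object key attribute.
        'uid' => 'uid',
        // The attribute storing the password.
        'attribute' => 'userPassword',
        // This will be appended to the username when looking for the userdn.
        'realm' => '',
        // Use this filter when searching for the user's DN.
        'filter' => '',
        // Hash method to use when storing the password.
        // The file header lists 'crypt' together with crypt-des; traditional
        // DES crypt only considers the first 8 characters of a password.
        'encryption' => 'crypt',
        // Whether to enable TLS for this LDAP connection
        // Note: make sure that the host matches cn in the server certificate.
        // With TLS off on port 389 the new password and the Samba hashes
        // below travel unencrypted.
        'tls' => false,
        // If any of the following attributes are commented out, they
        // won't be set on the LDAP server.
        // LM hashes are very weak; comment out 'lm_attribute' unless legacy
        // clients still depend on it.
        'lm_attribute' => 'sambaLMPassword',
        'nt_attribute' => 'sambaNTPassword',
        'pw_set_attribute' => 'sambaPwdLastSet',
        'pw_expire_attribute' => 'sambaPwdMustChange',
        // The number of days until samba passwords expire. If this
        // is commented out, passwords will never expire.
        'pw_expire_time' => 180,
    ),
);
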
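// Generic SQL backend with its own connection settings.
// The credentials below are placeholders; set real values in a local
// override file and use a database account that can only read and update the
// password column of the users table.
$backends['sql'] = array(
    'disabled' => true,
    'name' => 'SQL Server',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Sql',
    'params' => array(
        'phptype' => 'mysql',
        'hostspec' => 'localhost',
        'username' => 'dbuser',
        'password' => 'dbpasswd',
        // md5-hex is an unsalted, fast hash; choose a salted method from the
        // list in the file header if the consuming application can verify it.
        'encryption' => 'md5-hex',
        'database' => 'db',
        'table' => 'users',
        'user_col' => 'user_uid',
        'pass_col' => 'user_pass',
        'show_encryption' => false,
        // The following two settings allow you to specify custom queries for
        // lookup and modify functions if special functions need to be
        // performed.  In places where a username or a password needs to be
        // used, refer to this placeholder reference:
        //    %d -> gets substituted with the domain
        //    %u -> gets substituted with the user
        //    %U -> gets substituted with the user without a domain part
        //    %p -> gets substituted with the plaintext password
        //    %e -> gets substituted with the encrypted password
        //
        // NOTE(review): a query that uses %p puts the plaintext password into
        // the SQL statement, where it may end up in database query logs;
        // prefer %e. Also confirm how the driver quotes substituted values
        // before writing a custom query.
        //
        // 'query_lookup' => 'SELECT user_pass FROM horde_users WHERE user_uid = %u',
        // 'query_modify' => 'UPDATE horde_users SET user_pass = %e WHERE user_uid = %u',
    ),
);
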
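// Changes the password through a local vmailmgr daemon.
$backends['mailmgr'] = array(
    'disabled' => true,
    'name' => 'VMailMgr Server',
    'preferred' => '',
    // The policy array is empty: unlike the other entries, no length or
    // character requirements are configured for this backend.
    'policy' => array(),
    'driver' => 'Vmailmgr',
    'params' => array(
        // NOTE(review): presumably loaded as PHP code by the driver -- if so,
        // the file must not be writable by the web server user. Confirm.
        'vmailinc' => '/your/path/to/the/vmail.inc',
    ),
);
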
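// Changes the password in an SQL-based vpopmail installation.
$backends['vpopmail'] = array(
    'disabled' => true,
    'name' => 'Vpopmail Server',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Vpopmail',
    'params' => array(
        'phptype' => 'mysql',
        'hostspec' => 'localhost',
        // Database credentials are left empty; set them in a local override.
        'username' => '',
        'password' => '',
        // The file header lists 'crypt' together with crypt-des; traditional
        // DES crypt only considers the first 8 characters of a password.
        'encryption' => 'crypt',
        'database' => 'vpopmail',
        'table' => 'vpopmail',
        'name' => 'pw_name',
        'domain' => 'pw_domain',
        'passwd' => 'pw_passwd',
        'clear_passwd' => 'pw_clear_passwd',
        // NOTE(review): with this set to true the driver appears to also
        // write the unhashed password to the 'clear_passwd' column, which
        // exposes every password to anyone who can read the table. Confirm
        // in the driver and set to false unless something depends on it.
        'use_clear_passwd' => true,
        'show_encryption' => true,
    ),
);
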
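// Changes the password stored in a Pine password file that is reached over
// FTP.
// NOTE(review): plain FTP sends the login password and the file contents
// unencrypted; keep 'host' on loopback or a protected link.
$backends['pine'] = array(
    'disabled' => true,
    'name' => 'Pine Password File',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Pine',
    // Do not reset the authenticated user's credentials on success.
    'no_reset' => true,
    'params' => array(
        // FTP server information.
        'host' => 'localhost',
        'port' => '21',
        'path' => '',
        'file' => '.pinepw',
        // Connect using the just-passed-in password?
        'use_new_passwd' => false,
        // Host string to look for in the encrypted file.
        'imaphost' => 'localhost',
    ),
);
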
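// Changes the password on a local Kolab server. The Kolab driver is given no
// parameters of its own here ('params' is an empty array).
$backends['kolab'] = array(
    'disabled' => true,
    'name' => 'Local Kolab Server',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Kolab',
    'params' => array(),
);
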
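// Template for running a site-specific script through the Procopen driver.
//
// 'program' is one command string (path plus arguments). Keep it constant:
// do not build it from request data, use an absolute path, and make sure the
// script and its directory are not writable by the web server user.
// NOTE(review): confirm how the driver hands the passwords to the program
// (e.g. via its standard input) so that they never appear in the command
// line or process list.
$backends['myscript'] = array(
    'disabled' => true,
    'name' => 'Custom Script',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Procopen',
    'params' => array(
        'program' => '/path/to/my/script + myargs',
    ),
);
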
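// This is an example configuration for the http driver.  This allows
// connecting to an arbitrary URL that contains a password change form.
// The 'username', 'oldPasswd', 'passwd1', and 'passwd2' params should be
// set to the names of the respective form input elements on the html form.
// If there are additional form fields that the form requires, define them in
// the 'fields' array in the form 'formFieldName' => 'formFieldValue'.  The
// driver attempts to determine the success or failure based on searching the
// returned html page for the values listed in the 'eval_results' array.
//
// The sample 'url' uses plain http, which would submit the user name and both
// the old and the new password unencrypted; use an https URL in a real
// deployment.
$backends['http'] = array(
    'disabled' => true,
    'name' => 'HTTP Server',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Http',
    'params' => array(
        'url' => 'http://www.example.com/psoft/servlet/psoft.hsphere.CP',
        'username' => 'mbox',
        'oldPasswd' => 'old_password',
        'passwd1' => 'password',
        'passwd2' => 'password2',
        'fields' => array(
            'action' => 'change_mbox_password',
            'ftemplate' => 'design/mail_passw.html',
        ),
        // Outcome is inferred by searching the response page for these
        // strings, so they must match the remote form's messages exactly.
        'eval_results' => array(
            'success' => 'Password successfully changed',
            'badPass' => 'Bad old password',
            'badUser' => 'Mailbox not found',
        ),
    ),
);
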
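// Changes the password by calling a method on a SOAP service.
//
// The sample 'wsdl' URL uses plain http. The WSDL decides which endpoint the
// client talks to, and the call carries the old and the new password, so
// fetch the WSDL and reach the service over https in a real deployment.
$backends['soap'] = array(
    'disabled' => true,
    'name' => 'SOAP Server',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Soap',
    'params' => array(
        // If this service doesn't have a WSDL, the 'location' and 'uri'
        // parameters below must be specified instead.
        'wsdl' => 'http://www.example.com/service.wsdl',
        'method' => 'changePassword',
        // This is the order of the arguments to the method specified above.
        'arguments' => array('username', 'oldpassword', 'newpassword'),
        // These parameters are directly passed to the SoapClient object, see
        // http://www.php.net/manual/en/soapclient.soapclient.php for a
        // complete list of possible parameters.
        'soap_params' => array(
            'location' => '',
            'uri' => '',
        ),
    ),
);
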
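// This is an example configuration for Postfix.admin 2.3.
// Set the 'policy' section as you wish.
// In most installations you probably only need to change the
// hostspec and/or password fields.
//
// 'PASSWORD' below is a placeholder; set the real database password in a
// local override file rather than in this file.
$backends['postfixadmin'] = array(
    'disabled' => true,
    'name' => 'Postfix Admin server',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'maxLength' => 20,
        'minNumeric' => 1,
    ),
    'driver' => 'Sql',
    'params' => array(
        'phptype' => 'mysql',
        'hostspec' => 'localhost',
        'username' => 'postfix',
        'password' => 'PASSWORD',
        'encryption' => 'crypt-md5',
        'database' => 'postfix',
        'table' => 'mailbox',
        'user_col' => 'username',
        'pass_col' => 'password',
        'show_encryption' => false,
        // The following two settings allow you to specify custom queries for
        // lookup and modify functions if special functions need to be
        // performed.  In places where a username or a password needs to be
        // used, refer to this placeholder reference:
        //    %d -> gets substituted with the domain
        //    %u -> gets substituted with the user
        //    %U -> gets substituted with the user without a domain part
        //    %p -> gets substituted with the plaintext password
        //    %e -> gets substituted with the encrypted password
        //
        // NOTE(review): confirm how the driver quotes substituted values
        // before changing these queries, and avoid %p so that the plaintext
        // password never becomes part of an SQL statement.
        'query_lookup' => 'SELECT password FROM mailbox WHERE username = %u and active = 1',
        'query_modify' => 'UPDATE mailbox SET password = %e WHERE username = %u',
    ),
);
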
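// This is an example configuration for chaining multiple drivers to allow for
// syncing of passwords across many backends using the composite driver as a
// wrapper.
//
// Each of the subdrivers may contain an optional parameter called 'required'
// that, when set to true, will cause the rest of the drivers to be skipped if
// a particular one fails.
//
// Subdrivers without 'required' can fail while others succeed, which leaves
// the backends with different passwords; mark every subdriver whose failure
// must stop the chain.
$backends['composite'] = array(
    'disabled' => true,
    'name' => 'All Services',
    'preferred' => '',
    // One policy for the whole chain; it should be at least as strict as the
    // strictest backend behind it.
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Composite',
    'params' => array('drivers' => array(
        'sql' => array(
            'name' => 'Horde Authentication',
            'driver' => 'Sql',
            'required' => true,
            'params' => array(
                'phptype' => 'mysql',
                'hostspec' => 'localhost',
                'username' => 'horde',
                // Empty in this sample; set the real database password in a
                // local override file.
                'password' => '',
                // md5-hex is an unsalted, fast hash; see the method list in
                // the file header for salted alternatives.
                'encryption' => 'md5-hex',
                'database' => 'horde',
                'table' => 'horde_users',
                'user_col' => 'user_uid',
                'pass_col' => 'user_pass',
                'show_encryption' => false,
                // 'query_lookup' => '',
                // 'query_modify' => '',
            ),
        ),
        'smbpasswd' => array(
            'name' => 'Samba Server',
            'driver' => 'Smbpasswd',
            'params' => array(
                'program' => '/usr/bin/smbpasswd',
                'host' => 'localhost',
            ),
        ),
    )),
);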