
/passwd/config/backends.php

https://github.com/wrobel/horde-fw3
  1<?php
  2/**
  3 * $Horde: passwd/config/backends.php.dist,v 1.41.2.6 2009-09-18 14:31:58 jan Exp $
  4 *
  5 * This file is where you specify what backends people use to change
  6 * their passwords. There are a number of properties that you can set
  7 * for each backend:
  8 *
  9 * name: This is the plaintext, english name that you want displayed
 10 *       to people if you are using the drop down server list.  Also
 11 *       displayed on the main page (input form).
 12 *
 13 * password policy: The password policies for this backend. You are responsible
 14 *                  for the sanity checks of these options. Options are:
 15 *              minLength   Minimum length of the password
 16 *              maxLength   Maximum length of the password
 17 *              maxSpace    Maximum number of white space characters
 18 *
 19 *                  The following are the types of characters required
 20 *                  in a password.  Either specific characters, character
 21 *                  classes, or both can be required.  Specific types are:
 22 *
 23 *              minUpper    Minimum number of uppercase characters
 24 *              minLower    Minimum number of lowercase characters
 25 *              minNumeric  Minimum number of numeric characters (0-9)
 26 *              minAlphaNum Minimum number of alphanumeric characters
 27 *              minAlpha    Minimum number of alphabetic characters
 28 *              minSymbol   Minimum number of symbol characters
 29 *
 30 *                  Alternatively (or in addition to), the minimum number of
 31 *                  character classes can be configured by setting the
 32 *                  following.  The valid range is 0 through 4 character
 33 *                  classes may be required for a password. The classes are:
 34 *                  'upper', 'lower', 'number', and 'symbol'.  For example:
 35 *                  A password of 'p@ssw0rd' satisfies three classes ('number',
 36 *                  'lower', and 'symbol'), while 'passw0rd' only satisfies
 37 *                  two classes ('lower' and 'number').
 38 *
 39 *              minClasses  Minimum number (0 through 4) of character classes.
 40 *
 41 * driver:    The Passwd driver used to change the password.
 42 *            Valid values are currently:
 43 *              ldap         Change the password on a ldap server
 44 *              smbldap      Change the password on a ldap server for both
 45 *                           ldap and samba auth
 46 *              sql          Change the password for sql authentication
 47 *                           (exim, pam_mysql, horde)
 48 *              poppassd     Change the password via a poppassd server
 49 *              smbpasswd    Change the password via the smbpasswd command
 50 *              expect       Change the password via an expect script
 51 *              vmailmgr     Change the password via a local vmailmgr daemon
 52 *              vpopmail     Change the password for sql based vpopmail
 53 *              servuftp     Change the password via a servuftp server
 54 *              pine         Change the password in a Pine-encoded file
 55 *              composite    Allows you to chain multiple drivers together
 56 *
 57 * no_reset:  Do not reset the authenticated user's credentials on success.
 58 *
 59 * params:    A params array containing any additional information that the
 60 *            Passwd driver needs.
 61 *
 62 *            The following is a list of supported encryption/hashing
 63 *            methods supported by Passwd.
 64 *
 65 *            1) plain
 66 *            2) crypt or crypt-des
 67 *            3) crypt-md5
 68 *            4) crypt-blowfish
 69 *            5) md5-hex
 70 *            6) md5-base64
 71 *            7) smd5
 72 *            8) sha
 73 *            9) ssha
 74 *
 75 *            md5 passwords have caused some problems in the past because
 76 *            there are different definitions of what is a "md5
 77 *            password".  Systems implement them in a different
 78 *            manner.  If you are using OpenLDAP as your backend or
 79 *            have migrated your passwords from your OS based passwd
 80 *            file, you will need to use the md5-base64 hashing
 81 *            method.  If you are using a SQL database or used the PHP
 82 *            md5() method to create your passwords, you will need to
 83 *            use the md5-hex hashing method.
 84 *
 85 * preferred: This is only useful if you want to use the same
 86 *            backends.php file for different machines: if the Hostname
 87 *            of the Passwd Machine is identical to one of those in
 88 *            the preferred list, then the corresponding option in the
 89 *            select box will include SELECTED, i.e. it is selected
 90 *            per default. Otherwise the first entry in the list is
 91 *            selected.
 92 *
 93 * show_encryption: If you are using the sql or the vpopmail backend
 94 *                  you have the choice whether or not to store the
 95 *                  encryption type with the password. If you are
 96 *                  using for example an SQL based PAM you will most
 97 *                  likely not want to store the encryption type as it
 98 *                  would cause PAM to never match the passwords.
 99 *
100 */
101
// Changes passwords in Horde's own SQL user table. The connection settings
// come from $conf['sql']; the second array is merged on top of them, so its
// keys win on a clash.
//
// NOTE(review): this policy accepts passwords as short as 3 characters and
// rejects anything longer than 8. Raise both limits unless the stored hash
// format really cannot take longer input.
// NOTE(review): the header of this file documents the policy key as
// 'minSymbol', while this entry sets 'minSymbols'. Confirm which spelling the
// policy check reads; an unrecognised key would leave the symbol requirement
// unenforced.
$backends['hordesql'] = array(
    'name'            => 'Horde Authentication',
    'preferred'       => '',
    'password policy' => array(
        'minLength'  => 3,
        'maxLength'  => 8,
        'maxSpace'   => 0,
        'minUpper'   => 1,
        'minLower'   => 1,
        'minNumeric' => 1,
        'minSymbols' => 1,
    ),
    'driver'          => 'sql',
    'params'          => array_merge(
        $conf['sql'],
        array(
            'table'           => 'horde_users',
            'user_col'        => 'user_uid',
            'pass_col'        => 'user_pass',
            'show_encryption' => false,
        )
    ),
);
121
// Sample poppassd backend on the local host; no password policy is set.
//
// NOTE(review): poppassd exchanges the old and the new password without
// encryption. Keep 'host' on loopback, or reach the daemon only through a
// protected channel.
$backends['poppassd'] = array(
    'name'            => 'Example Poppassd Server',
    'preferred'       => '',
    'password policy' => array(),
    'driver'          => 'poppassd',
    'params'          => array(
        'host' => 'localhost',
        'port' => 106,
    ),
);
132
// Sample Serv-U FTP backend; no password policy is set.
//
// NOTE(review): the port matches the poppassd example (106), so this is
// presumably the same kind of unencrypted password-change dialogue. Confirm,
// and keep the connection on loopback or inside a protected channel.
$backends['servuftp'] = array(
    'name'            => 'Example Serv-U FTP Server',
    'preferred'       => '',
    'password policy' => array(),
    'driver'          => 'servuftp',
    'params'          => array(
        'host'    => 'localhost',
        'port'    => 106,
        // NOTE(review): unit is not stated here; presumably seconds.
        'timeout' => 30,
    ),
);
144
// Sample backend that drives an expect script shipped next to this config
// directory (../scripts/passwd_expect); no password policy is set.
//
// NOTE(review): '-telnet' selects an unencrypted login protocol, so the
// password dialogue is readable on the wire unless the target is loopback.
// NOTE(review): '-output /tmp/passwd.log' names a fixed file in a shared,
// world-writable directory. If the script records the dialogue there, the
// log can hold passwords; point it at a directory only the web server
// account can write, and check what the script actually logs.
$backends['expect'] = array(
    'name'            => 'Example Expect Script',
    'preferred'       => '',
    'password policy' => array(),
    'driver'          => 'expect',
    'params'          => array(
        'program' => '/usr/bin/expect',
        'script'  => dirname(__FILE__) . '/../scripts/passwd_expect',
        // Argument string for the script (presumably appended as-is).
        'params'  => '-telnet -host localhost -output /tmp/passwd.log',
    ),
);
156
// Sample backend that runs the same expect script with its '-sudo' switch
// through the procopen driver; no password policy is set.
//
// NOTE(review): 'program' is a complete command line. Keep it a constant
// string and never build it from request data.
// NOTE(review): '-sudo' implies a sudo rule for the web server account;
// scope that rule to exactly the command the script needs rather than a
// blanket grant.
$backends['sudo_expect'] = array(
    'name'            => 'Example Expect with Sudo Script',
    'preferred'       => '',
    'password policy' => array(),
    'driver'          => 'procopen',
    'params'          => array(
        'program' => '/usr/bin/expect '
            . dirname(__FILE__)
            . '/../scripts/passwd_expect -sudo',
    ),
);
166
// Sample backend that changes a Samba password by running the smbpasswd
// binary against the given host; no password policy is set.
$backends['smbpasswd'] = array(
    'name'            => 'Example Samba Server',
    'preferred'       => '',
    'password policy' => array(),
    'driver'          => 'smbpasswd',
    'params'          => array(
        // Absolute path, so the lookup does not depend on PATH.
        'program' => '/usr/bin/smbpasswd',
        'host'    => 'localhost',
    ),
);
177
// Sample LDAP backend without admin bindings.
// The LDAP user DN is configured in horde/config/hooks.php.
//
// NOTE(review): 'crypt' is listed in the header of this file as the same
// method as 'crypt-des'. Traditional DES crypt only uses the first eight
// characters of a password, which matches the maxLength of 8 below; prefer
// a stronger method the directory supports and raise the limits with it.
// NOTE(review): with 'tls' => false the bind and the new password cross the
// network unprotected unless the server is on loopback.
$backends['ldap'] = array(
    'name'            => 'Example LDAP Server',
    'preferred'       => 'www.example.com',
    'password policy' => array(
        'minLength' => 3,
        'maxLength' => 8,
    ),
    'driver'          => 'ldap',
    'params'          => array(
        'host'       => 'localhost',
        'port'       => 389,
        'basedn'     => 'o=example.com',
        'uid'        => 'uid',
        // Uncomment these attributes to enable shadow password policies.
        // 'shadowlastchange' => 'shadowlastchange',
        // 'shadowmin' => 'shadowmin',
        // Appended to the username when looking for the user DN.
        'realm'      => '',
        'encryption' => 'crypt',
        // When enabling TLS, 'host' must equal the cn in the server
        // certificate.
        'tls'        => false,
    ),
);
202
// Sample LDAP backend that uses an admin DN and password ('admindn',
// 'adminpw') in addition to the user's own entry.
// The LDAP user DN is configured in horde/config/hooks.php.
//
// NOTE(review): 'adminpw' is a directory credential stored in clear text in
// this file. Replace the sample value, keep the file readable only by the
// web server account, and use an account that may write nothing but the
// password attributes.
// NOTE(review): with 'tls' => false that credential and every new password
// cross the network unprotected unless the server is on loopback.
$backends['ldapadmin'] = array(
    'name'            => 'Example LDAP Server with Admin Bindings',
    'preferred'       => 'www.example.com',
    'password policy' => array(
        'minLength' => 3,
        'maxLength' => 8,
    ),
    'driver'          => 'ldap',
    'params'          => array(
        'host'       => 'localhost',
        'port'       => 389,
        'basedn'     => 'o=example.com',
        'admindn'    => 'cn=admin,o=example.com',
        'adminpw'    => 'somepassword',

        // LDAP object key attribute.
        'uid'        => 'uid',

        // Uncomment these attributes to enable shadow password policies.
        // 'shadowlastchange' => 'shadowlastchange',
        // 'shadowmin' => 'shadowmin',
        // NOTE(review): the attribute name suggests a clear-text password
        // field; confirm what the driver writes here given that
        // 'encryption' is also set.
        'attribute'  => 'clearPassword',

        // Appended to the username when looking for the user DN.
        'realm'      => '',

        // Filter used when searching for the user's DN.
        'filter'     => '',

        // Hash method used when storing the password. 'crypt' is the
        // DES-based method (see the header), which only uses the first
        // eight characters of the password.
        'encryption' => 'crypt',

        // Only applies to LDAP servers. If set, should be 0 or 1. See the
        // LDAP documentation about the corresponding parameter REFERRALS.
        // Windows 2003 Server requires this parameter to be 0.
        //'referrals' => 0,

        // Whether to enable TLS for this LDAP connection. When enabling it,
        // 'host' must match the cn in the server certificate.
        'tls'        => false,
    ),
);
247
// Sample backend that updates both the LDAP password and the Samba password
// attributes of an entry.
// The LDAP user DN is configured in horde/config/hooks.php.
// For the Samba 2.x schema, lm_attribute and nt_attribute must be changed.
//
// NOTE(review): 'lm_attribute' makes the driver store an LM hash, a format
// that is cheap to crack offline. Comment the key out (attributes that are
// commented out are not set) unless legacy clients still need it, and
// restrict read access to both Samba hash attributes in the directory ACLs.
// NOTE(review): 'tls' => false leaves the LDAP traffic unprotected unless
// the server is on loopback.
$backends['smbldap'] = array(
    'name'            => 'Example Samba/LDAP Server',
    'preferred'       => 'www.example.com',
    'password policy' => array(
        'minLength' => 3,
        'maxLength' => 8,
    ),
    'driver'          => 'smbldap',
    'params'          => array(
        'host'                => 'localhost',
        'port'                => 389,
        'basedn'              => 'o=example.com',
        'uid'                 => 'uid',
        // Appended to the username when looking for the user DN.
        'realm'               => '',
        'encryption'          => 'crypt',
        // When enabling TLS, 'host' must equal the cn in the server
        // certificate.
        'tls'                 => false,
        // Any of the following attributes that is commented out will not
        // be set on the LDAP server.
        'lm_attribute'        => 'sambaLMPassword',
        'nt_attribute'        => 'sambaNTPassword',
        'pw_set_attribute'    => 'sambaPwdLastSet',
        'pw_expire_attribute' => 'sambaPwdMustChange',
        // Number of days until Samba passwords expire. If this is
        // commented out, passwords never expire.
        'pw_expire_time'      => 180,
    ),
);
280
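// Sample backend for a stand-alone SQL user table.
//
// NOTE(review): 'md5-hex' is the format produced by PHP's md5() (see the
// header of this file): an unsalted, fast hash. Prefer a salted method from
// the supported list where the consuming system can verify it.
// NOTE(review): 'username' / 'password' are database credentials stored in
// clear text here. Replace the sample values, keep this file readable only
// by the web server account, and grant the account no more than SELECT and
// UPDATE on the password table.
// NOTE(review): the header of this file documents the policy key as
// 'minSymbol', while this entry sets 'minSymbols'. Confirm which spelling the
// policy check reads; an unrecognised key would leave the symbol requirement
// unenforced.
$backends['sql'] = array(
    // Display name; the original read 'Exampe SQL Server' (typo).
    'name'            => 'Example SQL Server',
    'preferred'       => '',
    'password policy' => array(
        'minLength'  => 3,
        'maxLength'  => 8,
        'maxSpace'   => 0,
        'minUpper'   => 1,
        'minLower'   => 1,
        'minNumeric' => 1,
        'minSymbols' => 1,
    ),
    'driver'          => 'sql',
    'params'          => array(
        'phptype'         => 'mysql',
        'hostspec'        => 'localhost',
        'username'        => 'dbuser',
        'password'        => 'dbpasswd',
        'encryption'      => 'md5-hex',
        'database'        => 'db',
        'table'           => 'users',
        'user_col'        => 'user_uid',
        'pass_col'        => 'user_pass',
        // Trailing comma added so that uncommenting the keys below does not
        // produce a parse error.
        'show_encryption' => false,
        // The following two settings allow you to specify custom queries for
        // lookup and modify functions if special functions need to be
        // performed.  In places where a username or a password needs to be
        // used, refer to this placeholder reference:
        //    %d -> gets substituted with the domain
        //    %u -> gets substituted with the user
        //    %U -> gets substituted with the user without a domain part
        //    %p -> gets substituted with the plaintext password
        //    %e -> gets substituted with the encrypted password
        //
        // NOTE(review): the samples leave the placeholders unquoted, so the
        // driver presumably quotes the substituted values itself. Confirm
        // that before writing a custom query, and avoid %p unless the
        // database side really needs the plaintext.
        //
        // 'query_lookup' => 'SELECT user_pass FROM horde_users WHERE user_uid = %u',
        // 'query_modify' => 'UPDATE horde_users SET user_pass = %e WHERE user_uid = %u',
    ),
);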
319
// Sample backend for a local vmailmgr daemon; no password policy is set.
$backends['vmailmgr'] = array(
    'name'            => 'Example VMailMgr Server',
    'preferred'       => '',
    'password policy' => array(),
    'driver'          => 'vmailmgr',
    'params'          => array(
        // Placeholder path; replace it with the real location of vmail.inc.
        // NOTE(review): presumably this file is loaded as PHP code, so it
        // must not be writable by untrusted accounts. Confirm against the
        // driver.
        'vmailinc' => '/your/path/to/the/vmail.inc',
    ),
);
329
// Sample backend for an SQL-based vpopmail installation.
//
// NOTE(review): 'use_clear_passwd' => true together with 'clear_passwd'
// names a column for the clear-text password. Anyone who can read that table
// or a backup of it then holds every mailbox password; set the flag to false
// unless another component depends on the column.
// NOTE(review): 'username' and 'password' are empty in this sample; use a
// dedicated database account with a password and rights limited to the
// vpopmail table.
// NOTE(review): 'crypt' is the DES-based method (see the header), which only
// uses the first eight characters of a password.
$backends['vpopmail'] = array(
    'name'            => 'Example Vpopmail Server',
    'preferred'       => '',
    'password policy' => array(
        'minLength'  => 3,
        'maxLength'  => 8,
        'maxSpace'   => 0,
        'minUpper'   => 0,
        'minLower'   => 0,
        'minNumeric' => 0,
    ),
    'driver'          => 'vpopmail',
    'params'          => array(
        'phptype'          => 'mysql',
        'hostspec'         => 'localhost',
        'username'         => '',
        'password'         => '',
        'encryption'       => 'crypt',
        'database'         => 'vpopmail',
        'table'            => 'vpopmail',
        // Column names in the vpopmail table.
        'name'             => 'pw_name',
        'domain'           => 'pw_domain',
        'passwd'           => 'pw_passwd',
        'clear_passwd'     => 'pw_clear_passwd',
        'use_clear_passwd' => true,
        'show_encryption'  => true,
    ),
);
358
// Sample backend that rewrites a Pine password file fetched from an FTP
// server; no password policy is set. 'no_reset' keeps the authenticated
// user's credentials unchanged after a successful change.
//
// NOTE(review): port 21 is plain FTP, so the login and the password file
// travel unencrypted unless the server is on loopback.
// NOTE(review): the header calls the file "Pine-encoded"; treat that encoding
// as obfuscation rather than protection unless the driver shows otherwise,
// and keep the file's permissions tight.
$backends['pine'] = array(
    'name'            => 'Example Pine Password File',
    'preferred'       => '',
    'password policy' => array(),
    'driver'          => 'pine',
    'no_reset'        => true,
    'params'          => array(
        // FTP server information.
        'host'           => 'localhost',
        'port'           => '21',
        'path'           => '',
        'file'           => '.pinepw',
        // Connect using the just-passed-in password?
        'use_new_passwd' => false,
        // Host string to look for in the encrypted file.
        'imaphost'       => 'localhost',
    ),
);
377
// Backend for a local Kolab server; the driver takes no extra parameters.
//
// NOTE(review): the policy accepts 3-character passwords and rejects
// anything longer than 8; raise both limits unless the Kolab side imposes
// them.
$backends['kolab'] = array(
    'name'            => 'Local Kolab Server',
    'preferred'       => '',
    'password policy' => array(
        'minLength' => 3,
        'maxLength' => 8,
    ),
    'driver'          => 'kolab',
    'params'          => array(),
);
388
// Template for running a site-specific script through the procopen driver;
// no password policy is set. Preselected when this machine's hostname is
// 'localhost'.
//
// NOTE(review): 'program' is a complete command line. Use an absolute path
// to a script that untrusted accounts cannot modify, keep the arguments
// constant, and never build the string from request data.
$backends['myscript'] = array(
    'name'            => 'example.com',
    'preferred'       => 'localhost',
    'password policy' => array(),
    'driver'          => 'procopen',
    'params'          => array(
        // Placeholder; replace with the real script and its arguments.
        'program' => '/path/to/my/script + myargs',
    ),
);
398
// Example configuration for the http driver, which submits a password
// change form at an arbitrary URL.
//
// 'username', 'oldPasswd', 'passwd1' and 'passwd2' must hold the names of
// the matching input elements of that HTML form. Extra fields the form
// requires go into 'fields' as 'formFieldName' => 'formFieldValue'. The
// driver decides between success and failure by searching the returned page
// for the strings listed in 'eval_results'.
//
// NOTE(review): the sample 'url' uses plain http, so the old and the new
// password would be posted unencrypted. Use an https URL and make sure the
// certificate is verified.
// NOTE(review): the result is derived from text in the response page; a
// changed page wording can make a failed change look successful or the
// reverse, so re-check 'eval_results' after upgrades of the remote system.
$backends['http'] = array(
    'name'            => 'Email password on IMAP server',
    'preferred'       => '',
    'password policy' => array(
        'minLength'  => 3,
        'maxLength'  => 8,
        'maxSpace'   => 0,
        'minUpper'   => 0,
        'minLower'   => 1,
        'minNumeric' => 1,
        'minSymbols' => 0,
    ),
    'driver'          => 'http',
    'params'          => array(
        'url'          => 'http://www.example.com/psoft/servlet/psoft.hsphere.CP',
        'username'     => 'mbox',
        'oldPasswd'    => 'old_password',
        'passwd1'      => 'password',
        'passwd2'      => 'password2',
        'fields'       => array(
            'action'    => 'change_mbox_password',
            'ftemplate' => 'design/mail_passw.html',
        ),
        'eval_results' => array(
            'success' => 'Password successfully changed',
            'badPass' => 'Bad old password',
            'badUser' => 'Mailbox not found',
        ),
    ),
);
437
// Sample backend that calls a SOAP method to change the password; no
// password policy is set.
//
// NOTE(review): the sample WSDL is fetched over plain http. The WSDL tells
// the client where to send the call, so fetch it (and reach the endpoint)
// over https, otherwise the passwords in 'arguments' travel unencrypted.
$backends['soap'] = array(
    'name'            => 'Example SOAP Server',
    'preferred'       => '',
    'password policy' => array(),
    'driver'          => 'soap',
    'params'          => array(
        // If this service doesn't have a WSDL, the 'location' and 'uri'
        // parameters below must be specified instead.
        'wsdl'        => 'http://www.example.com/service.wsdl',
        'method'      => 'changePassword',
        // Order of the arguments passed to the method named above.
        'arguments'   => array('username', 'oldpassword', 'newpassword'),
        // Passed directly to the SoapClient object; see
        // http://www.php.net/manual/en/soapclient.soapclient.php for the
        // complete list of possible parameters.
        'soap_params' => array(
            'location' => '',
            'uri'      => '',
        ),
    ),
);
459
// Example configuration for Postfix Admin 2.3.
// Set the 'password policy' section as you wish. In most installations
// only the 'hostspec' and/or 'password' fields need to change.
//
// NOTE(review): 'preferred' holds the string 'true'. The header of this file
// describes 'preferred' as a hostname to compare against, so this value
// presumably never matches; confirm what was intended.
// NOTE(review): 'password' is a placeholder for a database credential kept
// in clear text here. Keep this file readable only by the web server
// account and give the 'postfix' account no more rights than the two
// queries below need.
$backends['postfixadmin'] = array(
    'name'            => 'Postfix Admin server',
    'preferred'       => 'true',
    'password policy' => array(
        'minLength'  => 6,
        'maxLength'  => 20,
        'maxSpace'   => 0,
        'minUpper'   => 1,
        'minLower'   => 1,
        'minNumeric' => 1,
        'minSymbols' => 0,
    ),
    'driver'          => 'sql',
    'params'          => array(
        'phptype'         => 'mysql',
        'hostspec'        => 'localhost',
        'username'        => 'postfix',
        'password'        => 'PASSWORD',
        'encryption'      => 'crypt-md5',
        'database'        => 'postfix',
        'table'           => 'mailbox',
        'user_col'        => 'username',
        'pass_col'        => 'password',
        'show_encryption' => false,
        // Custom queries for the lookup and modify steps. Placeholders:
        //    %d -> gets substituted with the domain
        //    %u -> gets substituted with the user
        //    %U -> gets substituted with the user without a domain part
        //    %p -> gets substituted with the plaintext password
        //    %e -> gets substituted with the encrypted password
        //
        // NOTE(review): the placeholders are unquoted here, so the driver
        // presumably quotes the substituted values itself; confirm that
        // before editing these queries.
        'query_lookup'    => 'SELECT password FROM mailbox WHERE username = %u and active = 1',
        'query_modify'    => 'UPDATE mailbox SET password = %e WHERE username = %u',
    ),
);
502
// Example of chaining several drivers with the composite driver so that one
// password change is synchronised across many backends.
//
// Each sub-driver may carry an optional 'required' flag; when it is true and
// that driver fails, the remaining drivers are skipped.
//
// NOTE(review): a driver without 'required' can fail while the others
// succeed, leaving the backends with different passwords; decide per driver
// whether that is acceptable.
// NOTE(review): the sql sub-driver has an empty database 'password' and uses
// 'md5-hex', the unsalted PHP md5() format described in the header. Set a
// database password and prefer a salted method where possible.
$backends['composite'] = array(
    'name'            => 'Example All Services',
    'preferred'       => '',
    'password policy' => array(
        'minLength'  => 3,
        'maxLength'  => 8,
        'minClasses' => 2,
    ),
    'driver'          => 'composite',
    'params'          => array(
        'drivers' => array(
            'sql'       => array(
                'name'     => 'Horde Authentication',
                'driver'   => 'sql',
                'required' => true,
                'params'   => array(
                    'phptype'         => 'mysql',
                    'hostspec'        => 'localhost',
                    'username'        => 'horde',
                    'password'        => '',
                    'encryption'      => 'md5-hex',
                    'database'        => 'horde',
                    'table'           => 'horde_users',
                    'user_col'        => 'user_uid',
                    'pass_col'        => 'user_pass',
                    'show_encryption' => false,
                    // 'query_lookup' => '',
                    // 'query_modify' => '',
                ),
            ),
            'smbpasswd' => array(
                'name'   => 'Samba Server',
                'driver' => 'smbpasswd',
                'params' => array(
                    'program' => '/usr/bin/smbpasswd',
                    'host'    => 'localhost',
                ),
            ),
        ),
    ),
);