/passwd/config/backends.php

https://github.com/wrobel/horde-fw3
Possible License(s): LGPL-2.0, AGPL-1.0, LGPL-2.1, BSD-2-Clause
  1. <?php
  2. /**
  3. * $Horde: passwd/config/backends.php.dist,v 1.41.2.6 2009-09-18 14:31:58 jan Exp $
  4. *
  5. * This file is where you specify what backends people use to change
  6. * their passwords. There are a number of properties that you can set
  7. * for each backend:
  8. *
  9. * name: This is the plaintext, english name that you want displayed
  10. * to people if you are using the drop down server list. Also
  11. * displayed on the main page (input form).
  12. *
  13. * password policy: The password policies for this backend. You are responsible
  14. * for the sanity checks of these options. Options are:
  15. * minLength Minimum length of the password
  16. * maxLength Maximum length of the password
  17. * maxSpace Maximum number of white space characters
  18. *
  19. * The following are the types of characters required
  20. * in a password. Either specific characters, character
  21. * classes, or both can be required. Specific types are:
  22. *
  23. * minUpper Minimum number of uppercase characters
  24. * minLower Minimum number of lowercase characters
  25. * minNumeric Minimum number of numeric characters (0-9)
  26. * minAlphaNum Minimum number of alphanumeric characters
  27. * minAlpha Minimum number of alphabetic characters
  28. * minSymbol Minimum number of symbol characters
  29. *
  30. * Alternatively (or in addition to), the minimum number of
  31. * character classes can be configured by setting the
  32. * following. Between 0 and 4 character
  33. * classes may be required for a password. The classes are:
  34. * 'upper', 'lower', 'number', and 'symbol'. For example:
  35. * A password of 'p@ssw0rd' satisfies three classes ('number',
  36. * 'lower', and 'symbol'), while 'passw0rd' only satisfies
  37. * two classes ('lower' and 'number').
  38. *
  39. * minClasses Minimum number (0 through 4) of character classes.
  40. *
  41. * driver: The Passwd driver used to change the password.
  42. * Valid values are currently:
  43. * ldap Change the password on a ldap server
  44. * smbldap Change the password on a ldap server for both
  45. * ldap and samba auth
  46. * sql Change the password for sql authentication
  47. * (exim, pam_mysql, horde)
  48. * poppassd Change the password via a poppassd server
  49. * smbpasswd Change the password via the smbpasswd command
  50. * expect Change the password via an expect script
  51. * vmailmgr Change the password via a local vmailmgr daemon
  52. * vpopmail Change the password for sql based vpopmail
  53. * servuftp Change the password via a servuftp server
  54. * pine Change the password in a Pine-encoded file
  55. * composite Allows you to chain multiple drivers together
  56. *
  57. * no_reset: Do not reset the authenticated user's credentials on success.
  58. *
  59. * params: A params array containing any additional information that the
  60. * Passwd driver needs.
  61. *
  62. * The following is a list of supported encryption/hashing
  63. * methods supported by Passwd.
  64. *
  65. * 1) plain
  66. * 2) crypt or crypt-des
  67. * 3) crypt-md5
  68. * 4) crypt-blowfish
  69. * 5) md5-hex
  70. * 6) md5-base64
  71. * 7) smd5
  72. * 8) sha
  73. * 9) ssha
  74. *
  75. * md5 passwords have caused some problems in the past because
  76. * there are different definitions of what is a "md5
  77. * password". Systems implement them in a different
  78. * manner. If you are using OpenLDAP as your backend or
  79. * have migrated your passwords from your OS based passwd
  80. * file, you will need to use the md5-base64 hashing
  81. * method. If you are using a SQL database or used the PHP
  82. * md5() method to create your passwords, you will need to
  83. * use the md5-hex hashing method.
  84. *
  85. * preferred: This is only useful if you want to use the same
  86. * backend.php file for different machines: if the Hostname
  87. * of the Passwd Machine is identical to one of those in
  88. * the preferred list, then the corresponding option in the
  89. * select box will include SELECTED, i.e. it is selected
  90. * per default. Otherwise the first entry in the list is
  91. * selected.
  92. *
  93. * show_encryption: If you are using the sql or the vpopmail backend
  94. * you have the choice whether or not to store the
  95. * encryption type with the password. If you are
  96. * using for example an SQL based PAM you will most
  97. * likely not want to store the encryption type as it
  98. * would cause PAM to never match the passwords.
  99. *
  100. */
  // Example backend: changes passwords in Horde's own SQL user table through
  // the 'sql' driver, reusing the connection settings from $conf['sql'].
  $backends['hordesql'] = array (
      'name' => 'Horde Authentication',
      'preferred' => '',
      // NOTE(review): sample policy only. A 3..8 character window is very
      // small; raise both limits before using this in a real deployment.
      // NOTE(review): the header comment documents the symbol option as
      // 'minSymbol' while this array uses 'minSymbols'; confirm which spelling
      // the policy check reads, since an unknown key would presumably be
      // ignored without any error.
      'password policy' => array(
          'minLength' => 3,
          'maxLength' => 8,
          'maxSpace' => 0,
          'minUpper' => 1,
          'minLower' => 1,
          'minNumeric' => 1,
          'minSymbols' => 1
      ),
      'driver' => 'sql',
      // array_merge() lets the keys below override same-named keys coming from
      // $conf['sql']; the hashing method is not set here, so it is whatever
      // $conf['sql'] (or the driver default) provides -- verify it is a salted
      // scheme.
      'params' => array_merge($conf['sql'],
                              array('table' => 'horde_users',
                                    'user_col' => 'user_uid',
                                    'pass_col' => 'user_pass',
                                    // Do not store the encryption type with
                                    // the password (see header comment).
                                    'show_encryption' => false)),
  );
  // Example backend: changes passwords by talking to a poppassd server.
  $backends['poppassd'] = array(
      'name' => 'Example Poppassd Server',
      'preferred' => '',
      // Empty policy: no length or character-class checks are configured for
      // this backend.
      'password policy' => array(),
      'driver' => 'poppassd',
      'params' => array(
          // NOTE(review): no TLS option is configured here and poppassd is
          // normally a plain-text protocol, so old and new passwords would
          // cross the wire unencrypted. Keep the host on localhost or a
          // trusted link, or wrap the connection in a tunnel.
          'host' => 'localhost',
          'port' => 106
      )
  );
  // Example backend: changes passwords on a Serv-U FTP server.
  $backends['servuftp'] = array(
      'name' => 'Example Serv-U FTP Server',
      'preferred' => '',
      // Empty policy: no length or character-class checks are configured for
      // this backend.
      'password policy' => array(),
      'driver' => 'servuftp',
      'params' => array(
          // NOTE(review): no transport-security option is set; confirm whether
          // the driver protects the password exchange before pointing this at
          // anything other than localhost.
          'host' => 'localhost',
          'port' => 106,
          // presumably seconds -- TODO confirm against the driver
          'timeout' => 30
      )
  );
  // Example backend: changes passwords by running an expect script.
  $backends['expect'] = array(
      'name' => 'Example Expect Script',
      'preferred' => '',
      // Empty policy: no length or character-class checks are configured for
      // this backend.
      'password policy' => array(),
      'driver' => 'expect',
      'params' => array(
          'program' => '/usr/bin/expect',
          // Script path is resolved relative to this config file.
          'script' => dirname(__FILE__) . '/../scripts/passwd_expect',
          // Argument string for the script; the options are interpreted by
          // passwd_expect, which is not shown here.
          // NOTE(review): telnet carries the password dialogue unencrypted, so
          // this is only reasonable against localhost as in the sample.
          // NOTE(review): -output names a fixed file under /tmp. If the script
          // logs the dialogue there it may capture passwords, and a
          // predictable path in a shared directory is exposed to other local
          // users. Prefer a private, non-world-readable directory or drop the
          // option outside of debugging.
          'params' => '-telnet -host localhost -output /tmp/passwd.log'
      )
  );
  // Example backend: runs the expect script with its -sudo option through the
  // 'procopen' driver.
  $backends['sudo_expect'] = array(
      'name' => 'Example Expect with Sudo Script',
      'preferred' => '',
      // Empty policy: no length or character-class checks are configured for
      // this backend.
      'password policy' => array(),
      'driver' => 'procopen',
      'params' => array(
          // Complete command line for the driver to launch.
          // NOTE(review): keep this string static; never assemble it from
          // request data. If sudo is involved, the sudoers rule for the web
          // server account should allow only the exact command needed --
          // TODO confirm what the -sudo mode of passwd_expect invokes.
          'program' => '/usr/bin/expect ' . dirname(__FILE__) . '/../scripts/passwd_expect -sudo'
      )
  );
  // Example backend: changes Samba passwords through the smbpasswd command.
  $backends['smbpasswd'] = array(
      'name' => 'Example Samba Server',
      'preferred' => '',
      // Empty policy: no length or character-class checks are configured for
      // this backend.
      'password policy' => array(),
      'driver' => 'smbpasswd',
      'params' => array(
          // Absolute path, so the binary is not looked up through PATH.
          'program' => '/usr/bin/smbpasswd',
          'host' => 'localhost'
      )
  );
  // Example backend: changes the password on an LDAP server. No admin
  // credentials are configured in this entry.
  // NOTE: to set the ldap userdn, see horde/config/hooks.php
  $backends['ldap'] = array(
      'name' => 'Example LDAP Server',
      'preferred' => 'www.example.com',
      // NOTE(review): sample policy only; minLength 3 is very weak. The
      // maxLength of 8 lines up with 'crypt' below: traditional DES crypt only
      // uses the first 8 characters of a password.
      'password policy' => array(
          'minLength' => 3,
          'maxLength' => 8
      ),
      'driver' => 'ldap',
      'params' => array(
          'host' => 'localhost',
          'port' => 389,
          'basedn' => 'o=example.com',
          'uid' => 'uid',
          // these attributes will enable shadow password policies.
          // 'shadowlastchange' => 'shadowlastchange',
          // 'shadowmin' => 'shadowmin',
          // this will be appended to the username when looking for the userdn.
          'realm' => '',
          // NOTE(review): the header lists 'crypt' as equivalent to crypt-des,
          // a legacy hash. Prefer a stronger salted method from the header
          // list if the directory and its clients accept it.
          'encryption' => 'crypt',
          // make sure the host == cn in the server certificate
          // NOTE(review): with tls disabled on port 389 the old and new
          // passwords are sent unencrypted; enable it whenever 'host' is not
          // the local machine.
          'tls' => false
      )
  );
  // Example backend: changes the password on an LDAP server using an
  // administrative DN and password configured below.
  // NOTE: to set the ldap userdn, see horde/config/hooks.php
  $backends['ldapadmin'] = array(
      'name' => 'Example LDAP Server with Admin Bindings',
      'preferred' => 'www.example.com',
      // NOTE(review): sample policy only; minLength 3 is very weak. The
      // maxLength of 8 lines up with 'crypt' below: traditional DES crypt only
      // uses the first 8 characters of a password.
      'password policy' => array(
          'minLength' => 3,
          'maxLength' => 8
      ),
      'driver' => 'ldap',
      'params' => array(
          'host' => 'localhost',
          'port' => 389,
          'basedn' => 'o=example.com',
          // NOTE(review): a privileged directory credential stored in clear
          // text. Replace the placeholder, keep this file readable only by the
          // web server account and out of version control, and use a DN whose
          // rights are limited to writing the password attribute.
          'admindn' => 'cn=admin,o=example.com',
          'adminpw' => 'somepassword',
          // LDAP object key attribute
          'uid' => 'uid',
          // these attributes will enable shadow password policies.
          // 'shadowlastchange' => 'shadowlastchange',
          // 'shadowmin' => 'shadowmin',
          // NOTE(review): the attribute name suggests a clear-text password
          // field -- confirm what is written there and whether 'encryption'
          // below applies to it.
          'attribute' => 'clearPassword',
          // this will be appended to the username when looking for the userdn.
          'realm' => '',
          // Use this filter when searching for the user's DN.
          'filter' => '',
          // Hash method to use when storing the password
          // NOTE(review): the header lists 'crypt' as equivalent to crypt-des,
          // a legacy hash; prefer a stronger salted method where supported.
          'encryption' => 'crypt',
          // Only applies to LDAP servers. If set, should be 0 or 1. See the LDAP
          // documentation about the corresponding parameter REFERRALS.
          // Windows 2003 Server requires this parameter to be set to 0
          //'referrals' => 0,
          // Whether to enable TLS for this LDAP connection
          // Note: make sure the host matches cn in the server certificate
          // NOTE(review): with tls disabled, the admin bind password and the
          // users' passwords are sent unencrypted on port 389; enable it
          // whenever 'host' is not the local machine.
          'tls' => false
      )
  );
  // Example backend: changes the password on an LDAP server for both LDAP and
  // Samba authentication.
  // NOTE: to set the ldap userdn, see horde/config/hooks.php
  // NOTE: to make work with samba 2.x schema you must change lm_attribute and
  // nt_attribute
  $backends['smbldap'] = array(
      'name' => 'Example Samba/LDAP Server',
      'preferred' => 'www.example.com',
      // NOTE(review): sample policy only; minLength 3 is very weak. The
      // maxLength of 8 lines up with 'crypt' below: traditional DES crypt only
      // uses the first 8 characters of a password.
      'password policy' => array(
          'minLength' => 3,
          'maxLength' => 8
      ),
      'driver' => 'smbldap',
      'params' => array(
          'host' => 'localhost',
          'port' => 389,
          'basedn' => 'o=example.com',
          'uid' => 'uid',
          // This will be appended to the username when looking for the userdn.
          'realm' => '',
          // NOTE(review): the header lists 'crypt' as equivalent to crypt-des,
          // a legacy hash; prefer a stronger salted method where supported.
          'encryption' => 'crypt',
          // Make sure the host == cn in the server certificate.
          // NOTE(review): with tls disabled, passwords and the Samba hashes
          // are sent unencrypted on port 389.
          'tls' => false,
          // If any of the following attributes are commented out, they
          // won't be set on the LDAP server.
          // NOTE(review): LM hashes are very weak; comment out 'lm_attribute'
          // unless a legacy client still depends on it. The NT hash is also
          // password-equivalent, so restrict read access to both attributes
          // in the directory ACLs.
          'lm_attribute' => 'sambaLMPassword',
          'nt_attribute' => 'sambaNTPassword',
          'pw_set_attribute' => 'sambaPwdLastSet',
          'pw_expire_attribute' => 'sambaPwdMustChange',
          // The number of days until samba passwords expire. If this
          // is commented out, passwords will never expire.
          'pw_expire_time' => 180,
      )
  );
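  // Example backend: changes passwords stored in a generic SQL user table.
  // The display name previously read 'Exampe SQL Server'; the typo is fixed.
  $backends['sql'] = array (
      'name' => 'Example SQL Server',
      'preferred' => '',
      // NOTE(review): sample policy only. A 3..8 character window is very
      // small; raise both limits before using this in a real deployment.
      // NOTE(review): the header comment documents the symbol option as
      // 'minSymbol' while this array uses 'minSymbols'; confirm which spelling
      // the policy check reads.
      'password policy' => array(
          'minLength' => 3,
          'maxLength' => 8,
          'maxSpace' => 0,
          'minUpper' => 1,
          'minLower' => 1,
          'minNumeric' => 1,
          'minSymbols' => 1
      ),
      'driver' => 'sql',
      'params' => array(
          'phptype' => 'mysql',
          'hostspec' => 'localhost',
          // Placeholder database credentials: replace them, keep this file
          // readable only by the web server account, and grant the account
          // no more than SELECT/UPDATE on the password column.
          'username' => 'dbuser',
          'password' => 'dbpasswd',
          // NOTE(review): per the header, md5-hex matches PHP's md5(), i.e. a
          // single unsalted MD5. Use it only when an existing consumer of the
          // table requires it; otherwise pick a salted method from the header
          // list.
          'encryption' => 'md5-hex',
          'database' => 'db',
          'table' => 'users',
          'user_col' => 'user_uid',
          'pass_col' => 'user_pass',
          // Do not store the encryption type with the password.
          'show_encryption' => false
          // The following two settings allow you to specify custom queries for
          // lookup and modify functions if special functions need to be
          // performed. In places where a username or a password needs to be
          // used, refer to this placeholder reference:
          // %d -> gets substituted with the domain
          // %u -> gets substituted with the user
          // %U -> gets substituted with the user without a domain part
          // %p -> gets substituted with the plaintext password
          // %e -> gets substituted with the encrypted password
          //
          // NOTE(review): the placeholders appear unquoted in the examples;
          // confirm that the driver quotes/escapes substituted values before
          // enabling custom queries, and avoid %p so the clear-text password
          // never reaches the database or its query log.
          //
          // 'query_lookup' => 'SELECT user_pass FROM horde_users WHERE user_uid = %u',
          // 'query_modify' => 'UPDATE horde_users SET user_pass = %e WHERE user_uid = %u',
      )
  );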
  // Example backend: changes passwords through a local vmailmgr daemon.
  $backends['vmailmgr'] = array(
      'name' => 'Example VMailMgr Server',
      'preferred' => '',
      // Empty policy: no length or character-class checks are configured for
      // this backend.
      'password policy' => array(),
      'driver' => 'vmailmgr',
      'params' => array(
          // Placeholder path; presumably the file is loaded as PHP by the
          // driver, so it should not be writable by untrusted accounts --
          // TODO confirm how the driver uses it.
          'vmailinc' => '/your/path/to/the/vmail.inc'
      )
  );
  // Example backend: changes passwords for an SQL-based vpopmail installation.
  $backends['vpopmail'] = array (
      'name' => 'Example Vpopmail Server',
      'preferred' => '',
      // NOTE(review): sample policy only. With every min* count at 0 the only
      // effective rules are the 3..8 length window and no whitespace.
      'password policy' => array(
          'minLength' => 3,
          'maxLength' => 8,
          'maxSpace' => 0,
          'minUpper' => 0,
          'minLower' => 0,
          'minNumeric' => 0
      ),
      'driver' => 'vpopmail',
      'params' => array(
          'phptype' => 'mysql',
          'hostspec' => 'localhost',
          // Database credentials are left empty in the sample and must be
          // filled in; keep this file readable only by the web server account.
          'username' => '',
          'password' => '',
          // NOTE(review): the header lists 'crypt' as equivalent to crypt-des,
          // which only uses the first 8 characters of a password.
          'encryption' => 'crypt',
          'database' => 'vpopmail',
          'table' => 'vpopmail',
          // Column names in the vpopmail table.
          'name' => 'pw_name',
          'domain' => 'pw_domain',
          'passwd' => 'pw_passwd',
          'clear_passwd' => 'pw_clear_passwd',
          // NOTE(review): presumably this also writes the new password in
          // clear text to the 'clear_passwd' column -- confirm against the
          // driver. If so, anyone who can read the table obtains every
          // password; set it to false unless a component really needs it.
          'use_clear_passwd' => true,
          // Store the encryption type with the password (see header comment).
          'show_encryption' => true
      )
  );
  // Example backend: changes the password in a Pine-encoded password file that
  // is reached over FTP.
  $backends['pine'] = array(
      'name' => 'Example Pine Password File',
      'preferred' => '',
      // Empty policy: no length or character-class checks are configured for
      // this backend.
      'password policy' => array(),
      'driver' => 'pine',
      // Do not reset the authenticated user's credentials on success.
      'no_reset' => true,
      'params' => array(
          // FTP server information.
          // NOTE(review): plain FTP sends the login and the transferred file
          // unencrypted; keep the host local or on a trusted network. The
          // stored file should be treated as holding recoverable passwords --
          // the header describes it as "Pine-encoded", not hashed.
          'host' => 'localhost',
          'port' => '21',
          'path' => '',
          'file' => '.pinepw',
          // Connect using the just-passed-in password?
          'use_new_passwd' => false,
          // Host string to look for in the encrypted file.
          'imaphost' => 'localhost'
      )
  );
  // Example backend: changes passwords on a local Kolab server. The driver
  // takes no parameters in this sample.
  $backends['kolab'] = array(
      'name' => 'Local Kolab Server',
      'preferred' => '',
      // NOTE(review): sample policy only; a 3..8 character window with no
      // character-class rules is very weak.
      'password policy' => array(
          'minLength' => 3,
          'maxLength' => 8
      ),
      'driver' => 'kolab',
      'params' => array()
  );
  // Example backend: runs a site-specific script through the 'procopen'
  // driver.
  $backends['myscript'] = array(
      'name' => 'example.com',
      'preferred' => 'localhost',
      // Empty policy: no length or character-class checks are configured for
      // this backend.
      'password policy' => array(),
      'driver' => 'procopen',
      'params' => array(
          // Placeholder command line.
          // NOTE(review): keep this string static and use an absolute path;
          // never assemble it from request data. How the user name and
          // passwords are handed to the process is not visible here --
          // confirm they are not placed on the command line, where other
          // local users could read them from the process list.
          'program' => '/path/to/my/script + myargs'
      )
  );
  // This is an example configuration for the http driver. This allows
  // connecting to an arbitrary URL that contains a password change form.
  // The params 'username','oldPasswd','passwd1', and 'passwd2' params should be
  // set to the name of the respective form input elements on the html form. If
  // there are additional form fields that the form requires, define them in the
  // 'fields' array in the form 'formFieldName' => 'formFieldValue'. The driver
  // attempts to determine the success or failure based on searching the returned
  // html page for the values listed in the 'eval_results' array.
  $backends['http'] = array (
      'name' => 'Email password on IMAP server',
      'preferred' => '',
      // NOTE(review): sample policy only; a 3..8 character window is very
      // small. The header comment documents the symbol option as 'minSymbol'
      // while this array uses 'minSymbols'; confirm which spelling is read.
      'password policy' => array(
          'minLength' => 3,
          'maxLength' => 8,
          'maxSpace' => 0,
          'minUpper' => 0,
          'minLower' => 1,
          'minNumeric' => 1,
          'minSymbols' => 0
      ),
      'driver' => 'http',
      'params' => array(
          // NOTE(review): a plain http:// URL means the user name, old
          // password and new password are submitted unencrypted. Use an
          // https:// endpoint and confirm the driver validates the server
          // certificate.
          'url' => 'http://www.example.com/psoft/servlet/psoft.hsphere.CP',
          // Names of the form input elements on the remote page.
          'username' => 'mbox',
          'oldPasswd' => 'old_password',
          'passwd1' => 'password',
          'passwd2' => 'password2',
          // Extra form fields sent with every request.
          'fields' => array(
              'action' => 'change_mbox_password',
              'ftemplate' => 'design/mail_passw.html'
          ),
          // Strings searched for in the returned page to classify the result.
          // NOTE(review): the outcome depends on page text that the remote
          // site can change; re-check these after upgrades of that site.
          'eval_results' => array(
              'success' => 'Password successfully changed',
              'badPass' => 'Bad old password',
              'badUser' => 'Mailbox not found'
          )
      )
  );
  // Example backend: changes passwords by calling a method on a SOAP service.
  $backends['soap'] = array(
      'name' => 'Example SOAP Server',
      'preferred' => '',
      // Empty policy: no length or character-class checks are configured for
      // this backend.
      'password policy' => array(),
      'driver' => 'soap',
      'params' => array(
          // If this service doesn't have a WSDL, the 'location' and 'uri'
          // parameters below must be specified instead.
          // NOTE(review): fetching the WSDL over plain http:// lets anyone on
          // the path alter the service description, and an http:// endpoint
          // would carry both passwords unencrypted. Use https:// for the WSDL
          // and for 'location'.
          'wsdl' => 'http://www.example.com/service.wsdl',
          'method' => 'changePassword',
          // This is the order of the arguments to the method specified above.
          'arguments' => array('username', 'oldpassword', 'newpassword'),
          // These parameters are directly passed to the SoapClient object, see
          // http://www.php.net/manual/en/soapclient.soapclient.php for a
          // complete list of possible parameters.
          'soap_params' => array(
              'location' => '',
              'uri' => '',
          ),
      )
  );
  // This is an example configuration for Postfix.admin 2.3.
  // Set the 'password policy' section as you wish.
  // In most installations you probably only need to change the
  // hostspec and /or password fields.
  $backends['postfixadmin'] = array (
      'name' => 'Postfix Admin server',
      // NOTE(review): the header describes 'preferred' as a host name that is
      // compared with the machine's host name; the string 'true' would
      // presumably match only a host literally called 'true' -- confirm the
      // intent.
      'preferred' => 'true',
      // NOTE(review): the header comment documents the symbol option as
      // 'minSymbol' while this array uses 'minSymbols'; confirm which spelling
      // the policy check reads.
      'password policy' => array(
          'minLength' => 6,
          'maxLength' => 20,
          'maxSpace' => 0,
          'minUpper' => 1,
          'minLower' => 1,
          'minNumeric' => 1,
          'minSymbols' => 0
      ),
      'driver' => 'sql',
      'params' => array(
          'phptype' => 'mysql',
          'hostspec' => 'localhost',
          // Placeholder database credentials: replace 'PASSWORD', keep this
          // file readable only by the web server account, and grant the
          // account no more than SELECT/UPDATE on mailbox.password.
          'username' => 'postfix',
          'password' => 'PASSWORD',
          // Salted MD5-crypt; must match the scheme Postfix Admin itself is
          // configured to use -- TODO confirm for the installation.
          'encryption' => 'crypt-md5',
          'database' => 'postfix',
          'table' => 'mailbox',
          'user_col' => 'username',
          'pass_col' => 'password',
          // Do not store the encryption type with the password.
          'show_encryption' => false,
          // The following two settings allow you to specify custom queries for
          // lookup and modify functions if special functions need to be
          // performed. In places where a username or a password needs to be
          // used, refer to this placeholder reference:
          // %d -> gets substituted with the domain
          // %u -> gets substituted with the user
          // %U -> gets substituted with the user without a domain part
          // %p -> gets substituted with the plaintext password
          // %e -> gets substituted with the encrypted password
          //
          // NOTE(review): %u and %e are written without quotes, so these
          // queries are only safe if the driver quotes/escapes the substituted
          // values itself -- confirm before deploying. The lookup also
          // restricts password changes to rows with active = 1.
          'query_lookup' => 'SELECT password FROM mailbox WHERE username = %u and active = 1',
          'query_modify' => 'UPDATE mailbox SET password = %e WHERE username = %u'
      )
  );
  // This is an example configuration for chaining multiple drivers to allow for
  // syncing of passwords across many backends using the composite driver as a
  // wrapper.
  //
  // Each of the subdrivers may contain an optional parameter called 'required'
  // that, when set to true, will cause the rest of the drivers be skipped if a
  // particular one fails.
  //
  // NOTE(review): only the 'sql' subdriver is marked 'required' below. What
  // happens when a later, non-required subdriver fails is not visible here;
  // presumably the backends can end up with different passwords -- confirm
  // and monitor for partial failures.
  $backends['composite'] = array(
      'name' => 'Example All Services',
      'preferred' => '',
      // NOTE(review): sample policy only; a 3..8 character window is very
      // small even with two character classes required.
      'password policy' => array(
          'minLength' => 3,
          'maxLength' => 8,
          'minClasses' => 2,
      ),
      'driver' => 'composite',
      'params' => array('drivers' => array(
          'sql' => array(
              'name' => 'Horde Authentication',
              'driver' => 'sql',
              // A failure here skips the remaining subdrivers.
              'required' => true,
              'params' => array(
                  'phptype' => 'mysql',
                  'hostspec' => 'localhost',
                  // NOTE(review): empty database password in the sample; set a
                  // real credential and keep this file readable only by the
                  // web server account.
                  'username' => 'horde',
                  'password' => '',
                  // NOTE(review): per the header, md5-hex matches PHP's md5(),
                  // i.e. a single unsalted MD5; prefer a salted method where
                  // the consumers of this table allow it.
                  'encryption' => 'md5-hex',
                  'database' => 'horde',
                  'table' => 'horde_users',
                  'user_col' => 'user_uid',
                  'pass_col' => 'user_pass',
                  // Do not store the encryption type with the password.
                  'show_encryption' => false
                  // 'query_lookup' => '',
                  // 'query_modify' => '',
              ),
          ),
          'smbpasswd' => array(
              'name' => 'Samba Server',
              'driver' => 'smbpasswd',
              'params' => array(
                  // Absolute path, so the binary is not looked up through PATH.
                  'program' => '/usr/bin/smbpasswd',
                  'host' => 'localhost',
              ),
          ),
      )),
  );