--- courier-authlib-0.60.2/README.authdebug.html.in.p1 2004-11-26 01:07:02 +1000 +++ courier-authlib-0.60.2/README.authdebug.html.in 2008-04-26 22:16:01 +1100 @@ -147,7 +147,7 @@ Apr 14 14:07:15 billdog authdaemond: aut Apr 14 14:07:15 billdog authdaemond: cram: only supports authtype=cram-* Apr 14 14:07:15 billdog authdaemond: authcram: REJECT - try next module Apr 14 14:07:15 billdog authdaemond: authuserdb: trying this module -Apr 14 14:07:15 billdog authdaemond: userdb: opened /etc/userdb.dat +Apr 14 14:07:15 billdog authdaemond: userdb: opened /etc/courier-imap/userdb.db Apr 14 14:07:15 billdog authdaemond: userdb: looking up 'brian' Apr 14 14:07:15 billdog authdaemond: userdb: entry not found Apr 14 14:07:15 billdog authdaemond: authuserdb: REJECT - try next module @@ -165,8 +165,8 @@ Apr 14 14:07:15 billdog authdaemond: aut
  • It tried 'authcram', but since this was a request with authtype=login (rather than authtype=cram-md5, say), this module cannot handle it so it REJECTs
  • -
  • 'authuserdb' has a go. In this case there is an /etc/userdb.dat file - for it to look in, but the requested username 'brian' does not exist in +
  • 'authuserdb' has a go. In this case there is an /etc/courier-imap/userdb.db + file for it to look in, but the requested username 'brian' does not exist in there, so it REJECTs
  • 'authpam' has a go. It finds the username and home directory in /etc/passwd, and then calls the PAM subsystem to authenticate. The --- courier-authlib-0.60.2/README_authlib.html.in.p1 2007-04-07 07:07:51 +1100 +++ courier-authlib-0.60.2/README_authlib.html.in 2008-04-26 22:17:45 +1100 @@ -352,13 +352,13 @@ is checked only by Courier's POP3 server not defined the POP3 server will check systempw too.

    Finally, compile the database:

     # makeuserdb
     

    -This command creates the actual database, @userdb@.dat and -@userdb@shadow.dat from the plain text file +This command creates the actual database, @userdb@.db and +@userdb@shadow.db from the plain text file @userdb@. Courier will now start accepting logins to this mailbox. Adding and removing mailboxes can be done while Courier is running.

    -Courier reads @userdb@.dat and -@userdb@shadow.dat only. The plain text source, +Courier reads @userdb@.db and +@userdb@shadow.db only. The plain text source, @userdb@ is not read by Courier itself. Changes take effect only when makeuserdb runs.

    Large virtual domain farm

    --- courier-authlib-0.60.2/authuserdb.c.p1 2006-10-29 05:22:52 +1000 +++ courier-authlib-0.60.2/authuserdb.c 2008-04-26 22:16:01 +1100 @@ -82,14 +82,14 @@ int rc; return (-1); userdb_set_debug(courier_authdebug_login_level); - userdb_init(USERDB ".dat"); + userdb_init(USERDB ".db"); if ( (u=userdb(cci.user)) == 0) { userdb_close(); return (-1); } - if ( (udbs=userdbshadow(USERDB "shadow.dat", cci.user)) == 0) + if ( (udbs=userdbshadow(USERDB "shadow.db", cci.user)) == 0) { free(u); userdb_close(); --- courier-authlib-0.60.2/authuserdbpwd.c.p1 2006-10-29 05:22:52 +1000 +++ courier-authlib-0.60.2/authuserdbpwd.c 2008-04-26 22:16:01 +1100 @@ -254,7 +254,7 @@ static int dochangepwd1(const char *serv struct userdbs *udb; - udbs=userdbshadow(USERDB "shadow.dat", uid); + udbs=userdbshadow(USERDB "shadow.db", uid); if (!udbs) { @@ -305,7 +305,7 @@ static int dochangepwd1(const char *serv free(passwords); free(udbs); - userdb_init(USERDB ".dat"); + userdb_init(USERDB ".db"); if ( (u=userdb(uid)) == 0 || (udb=userdb_creates(u)) == 0) { --- courier-authlib-0.60.2/preauthuserdbcommon.c.p1 2006-10-29 05:22:52 +1000 +++ courier-authlib-0.60.2/preauthuserdbcommon.c 2008-04-26 22:16:01 +1100 @@ -35,7 +35,7 @@ char *passwords=0; int rc; userdb_set_debug(courier_authdebug_login_level); - userdb_init(USERDB ".dat"); + userdb_init(USERDB ".db"); /* We rely on DPRINTF doing 'safe' printing */ DPRINTF("userdb: looking up '%s'", userid); if ( (u=userdb(userid)) == 0) @@ -63,7 +63,7 @@ int rc; if (needpass) { - udbs=userdbshadow(USERDB "shadow.dat", userid); + udbs=userdbshadow(USERDB "shadow.db", userid); if (udbs) { @@ -129,7 +129,7 @@ void auth_userdb_enumerate( void(*cb_fun { struct userdbs *u; - userdb_init(USERDB ".dat"); + userdb_init(USERDB ".db"); for (u=userdb_enum_first(); u; u=userdb_enum_next()) { --- courier-authlib-0.60.2/userdb/makeuserdb.8.in.p1 2007-04-23 02:05:25 +1100 +++ courier-authlib-0.60.2/userdb/makeuserdb.8.in 2008-04-26 22:19:19 +1100 
@@ -27,19 +27,19 @@ make \- create @userdb@ \fBmakeuserdb\fR creates -\fI@userdb@.dat\fR +\fI@userdb@.db\fR from the contents of \fI@userdb@\fR. \fI@userdb@\fR's contents are described later in this document. Maildrop, Courier, and other applications use -\fI@userdb@.dat\fR +\fI@userdb@.db\fR as a substitute/complement for your system password file. The usual purpose for -\fI@userdb@.dat\fR +\fI@userdb@.db\fR is to specify "virtual" accounts \- accounts that do not have an associated system login. Usually (but not necessarily) all virtual accounts share the same system userid. -\fI@userdb@.dat\fR +\fI@userdb@.db\fR may also replace your system password file. Because the system password file is a text file, when there's a large number of accounts it will be significantly faster to search -\fI@userdb.dat@\fR, which is a binary database, instead of a flat text file that the system password file usually is. +\fI@userdb.db@\fR, which is a binary database, instead of a flat text file that the system password file usually is. .PP The \fBmakeuserdb\fR @@ -48,10 +48,10 @@ command can be safely executed during no The \fB\-f\fR option creates -\fI\fIfilename\fR\fR\fI.dat\fR +\fI\fIfilename\fR\fR\fI.db\fR from \fI\fIfilename\fR\fR, instead of the default -\fI@userdb@.dat\fR +\fI@userdb@.db\fR from \fI@userdb@\fR. .SS "Format of \fI@userdb@\fR" @@ -82,7 +82,7 @@ is followed by exactly one tab character is the name of the field, \fIvalue\fR is the field value. Fields and values themself cannot contain slashes or control characters. Fields may be specified in any order. Here are all the currently defined fields. Note that not every field is used by every application that reads -\fI@userdb@.dat\fR. +\fI@userdb@.db\fR. .PP \fIuid\fR 
@@ -149,14 +149,14 @@ Courier has a software\-based Maildir quota enforcement mechanism which requires additional setup and configuration. See \fI\fBmaildirquota\fR(7)\fR\&[2] for additional information. -.SS "\fI@userdb@shadow.dat\fR" +.SS "\fI@userdb@shadow.db\fR" .PP All fields whose name ends with 'pw' will NOT copied to -\fI@userdb@.dat\fR. These fields will be copied to -\fI@userdb@shadow.dat\fR. +\fI@userdb@.db\fR. These fields will be copied to +\fI@userdb@shadow.db\fR. \fBmakeuserdb\fR creates -\fI@userdb@shadow.dat\fR +\fI@userdb@shadow.db\fR without any group and world permissions. Note that \fBmakeuserdb\fR reports an error if @@ -190,7 +190,7 @@ After saving the output of \fBpw2userdb\fR, you must still run \fBmakeuserdb\fR to create -\fI@userdb@.dat\fR. +\fI@userdb@.db\fR. .PP \fBvchkpw2userdb\fR @@ -240,7 +240,7 @@ makeuserdb .PP It is still necessary to run \fBmakeuserdb\fR, of course, to create the binary database file -\fI@userdb@.dat\fR +\fI@userdb@.db\fR .PP NOTE: You are still required to create the \fB@userdb@\fR @@ -274,8 +274,8 @@ without having to go in and cleaning up .RS 4 .nf \fI@userdb@\fR -\fI@userdb@.dat\fR -\fI@userdb@shadow.dat\fR +\fI@userdb@.db\fR +\fI@userdb@shadow.db\fR \fI@tmpdir@/userdb.tmp\fR \- temporary file \fI@tmpdir@/userdbshadow.tmp\fR \- temporary file .fi --- courier-authlib-0.60.2/userdb/makeuserdb.html.in.p1 2007-04-23 02:05:26 +1100 +++ courier-authlib-0.60.2/userdb/makeuserdb.html.in 2008-04-26 22:21:13 +1100 @@ -5,31 +5,31 @@ Copyright 1998 - 2007 Double Precision, information. -->

    Name

    make — create @userdb@

    Synopsis

    makeuserdb [-f filename]

    pw2userdb

    vchkpw2userdb [--vpopmailhome=dir] [--todir=dir]

    DESCRIPTION

    -makeuserdb creates @userdb@.dat from +makeuserdb creates @userdb@.db from the contents of @userdb@. @userdb@'s contents are described later in this document. Maildrop, Courier, and other applications use -@userdb@.dat as a +@userdb@.db as a substitute/complement for your system password file. The usual purpose for -@userdb@.dat is to specify "virtual" accounts - accounts +@userdb@.db is to specify "virtual" accounts - accounts that do not have an associated system login. Usually (but not necessarily) all virtual accounts share the same system userid. -@userdb@.dat may also replace +@userdb@.db may also replace your system password file. Because the system password file is a text file, when there's a large number of accounts it will be significantly faster to search -@userdb.dat@, which is a binary database, +@userdb@.db, which is a binary database, instead of a flat text file that the system password file usually is.

    The makeuserdb command can be safely executed during normal system activity.

    The -f option creates -filename.dat from +filename.db from filename, instead of the -default @userdb@.dat from +default @userdb@.db from @userdb@.

    Format of @userdb@

    @userdb@ is a plain text file that can be created using any text editor. Blank lines are ignored. Lines that start with the # @@ -51,7 +51,7 @@ Fields and values themself cannot contai Fields may be specified in any order. Here are all the currently defined fields. Note that not every field is used by every application that reads -@userdb@.dat.

    +@userdb@.db.

    uid - value is a (possibly) unique numerical user ID for this account.

    gid - value is a (possibly) @@ -92,11 +92,11 @@ software-based Maildir quota enforcement mechanism which requires additional setup and configuration. See maildirquota(7) -for additional information.

    @userdb@shadow.dat

    +for additional information.

    @userdb@shadow.db

    All fields whose name ends with 'pw' will NOT copied to -@userdb@.dat. These fields will be copied to -@userdb@shadow.dat. -makeuserdb creates @userdb@shadow.dat +@userdb@.db. These fields will be copied to +@userdb@shadow.db. +makeuserdb creates @userdb@shadow.db without any group and world permissions. Note that makeuserdb reports an error if @userdb@ has any group @@ -120,7 +120,7 @@ amount of time it takes to look up this information.

    After saving the output of pw2userdb, you must still run makeuserdb to create -@userdb@.dat.

    +@userdb@.db.

    vchkpw2userdb converts a vpopmail-style directory hierarchy to the @userdb@ format. This is an external virtual domain management package that's often used @@ -153,7 +153,7 @@ vchkpw2userdb --todir=@userdb@/vpopmail makeuserdb

    It is still necessary to run makeuserdb, of course, to -create the binary database file @userdb@.dat

    +create the binary database file @userdb@.db

    NOTE: You are still required to create the @userdb@ entry which maps system userids back to accounts, @@ -180,8 +180,8 @@ This allows you to run vchkpw2userdb without having to go in and cleaning up again, afterwards.

    FILES


    @userdb@
    -@userdb@.dat
    -@userdb@shadow.dat
    +@userdb@.db
    +@userdb@shadow.db
    @tmpdir@/userdb.tmp - temporary file
    @tmpdir@/userdbshadow.tmp - temporary file

    BUGS

    makeuserdb is a Perl script, and uses Perl's portable --- courier-authlib-0.60.2/userdb/makeuserdb.in.p1 2006-03-25 23:31:21 +1000 +++ courier-authlib-0.60.2/userdb/makeuserdb.in 2008-04-26 22:16:01 +1100 @@ -27,10 +27,10 @@ if ($name eq "-f") { $dbfile=~s/\/$//; } -$datfile=$dbfile.".dat"; +$datfile=$dbfile.".db"; # XXX the lock file here is etc/userdb.lock but the userdb command uses etc/.lock.userdb $lockfile=$dbfile.".lock"; -$shadowfile=$dbfile."shadow.dat"; +$shadowfile=$dbfile."shadow.db"; $tmpdatfile=$dbfile.".tmp"; $tmpshadowfile=$dbfile."shadow.tmp"; --- courier-authlib-0.60.2/userdb/userdb.8.in.p1 2007-04-23 02:05:25 +1100 +++ courier-authlib-0.60.2/userdb/userdb.8.in 2008-04-26 22:21:52 +1100 @@ -147,16 +147,16 @@ produces a list, on standard output, of \fI@userdb@\fR for this \fI\fIaddr\fR\fR. -.SS "REBUILDING \fI@userdb@.dat\fR" +.SS "REBUILDING \fI@userdb@.db\fR" .PP The actual virtual account/address database is -\fI@userdb@.dat\fR. This is a binary database file. +\fI@userdb@.db\fR. This is a binary database file. \fB@userdb@\fR is the plain text version. After running \fBuserdb\fR, execute the \fI\fBmakeuserdb\fR(8)\fR\&[1] command to rebuild -\fI@userdb@.dat\fR +\fI@userdb@.db\fR for the changes to take effect. .SH "BUGS" .PP --- courier-authlib-0.60.2/userdb/userdb.c.p1 2007-04-14 14:02:46 +1100 +++ courier-authlib-0.60.2/userdb/userdb.c 2008-04-26 22:16:01 +1100 @@ -27,7 +27,7 @@ static ino_t di; static int initialized=0; int userdb_debug_level=0; -/* Open userdb.dat, if already opened, see if it changed, if so reopen */ +/* Open userdb.db, if already opened, see if it changed, if so reopen */ void userdb_init(const char *n) { @@ -90,7 +90,7 @@ void userdb_set_debug(int lvl) userdb_debug_level = lvl; } -/* Fetch a record from userdb.dat */ +/* Fetch a record from userdb.db */ char *userdb(const char *u) { 
@@ -306,7 +306,7 @@ struct userdbs *userdb_enum_next() return NULL; } -/* Extracted a userdb.dat record, convert it to a userdbs structure */ +/* Extracted a userdb.db record, convert it to a userdbs structure */ struct userdbs *userdb_creates(const char *u) { --- courier-authlib-0.60.2/userdb/userdb.h.p1 2004-04-19 02:54:39 +1100 +++ courier-authlib-0.60.2/userdb/userdb.h 2008-04-26 22:16:01 +1100 @@ -15,7 +15,7 @@ extern "C" { #endif /* - Functions to access local/config/userdb.dat + Functions to access local/config/userdb.db */ void userdb_set_debug(int); --- courier-authlib-0.60.2/userdb/userdb.html.in.p1 2007-04-23 02:05:26 +1100 +++ courier-authlib-0.60.2/userdb/userdb.html.in 2008-04-26 22:22:07 +1100 @@ -82,13 +82,13 @@ output, containing all addresses found i addr is specified, userdb produces a list, on standard output, of all the fields in @userdb@ for this -addr.

    REBUILDING @userdb@.dat

    +addr.

    REBUILDING @userdb@.db

    The actual virtual account/address database is -@userdb@.dat. +@userdb@.db. This is a binary database file. @userdb@ is the plain text version. After running userdb, execute the makeuserdb(8) command to rebuild -@userdb@.dat for the changes to take effect.

    BUGS

    +@userdb@.db for the changes to take effect.

    BUGS

    addr must be unique. If @userdb@ is a subdirectory, it's possible to create the same --- courier-authlib-0.60.2/userdb/userdbpw.8.in.p1 2007-04-23 02:05:27 +1100 +++ courier-authlib-0.60.2/userdb/userdbpw.8.in 2008-04-26 22:22:23 +1100 @@ -49,11 +49,11 @@ uses the SHA1 hash function instead. Whe library. .PP Note that even though the result of HMAC hashing looks like an encrypted password, it's really not. HMAC\-based challenge/response authentication mechanisms require the cleartext password to be available as cleartext. Computing an intermediate HMAC context does scramble the cleartext password, however if its compromised, it WILL be possible for an attacker to succesfully authenticate. Therefore, applications that use challenge/response authentication will store intermediate HMAC contexts in the "pw" fields in the userdb database, which will be compiled into the -\fIuserdbshadow.dat\fR +\fIuserdbshadow.db\fR database, which has group and world permissions turned off. The userdb library also requires that the cleartext userdb source for the -\fIuserdb.dat\fR +\fIuserdb.db\fR and -\fIuserdbshadow.dat\fR +\fIuserdbshadow.db\fR databases is also stored with the group and world permissions turned off. .PP \fBuserdbpw\fR --- courier-authlib-0.60.2/userdb/userdbpw.html.in.p1 2007-04-23 02:05:27 +1100 +++ courier-authlib-0.60.2/userdb/userdbpw.html.in 2008-04-26 22:22:33 +1100 @@ -27,11 +27,11 @@ however if its compromised, it WILL be p authenticate. Therefore, applications that use challenge/response authentication will store intermediate HMAC contexts in the "pw" fields in the userdb database, which will be compiled into the -userdbshadow.dat +userdbshadow.db database, which has group and world permissions turned off. The userdb library also requires that the cleartext userdb source for the -userdb.dat and -userdbshadow.dat databases is also stored with the +userdb.db and +userdbshadow.db databases is also stored with the group and world permissions turned off.

    userdbpw is usually used together in a pipe with userdb, which reads from standard input. For example:

    userdbpw -md5 | userdb users/john set systempw

    or:

    userdbpw -hmac-md5 | userdb users/john set hmac-md5pw

    These commands set the systempw field in the record for the user john in @userdb@/users file, and the
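Review bot: In the makeuserdb.8.in hunk at @@ -27,19 +27,19 @@, the replacement line `\fI@userdb.db@\fR` carries over the misplaced substitution marker from the old `\fI@userdb.dat@\fR`. It does not match the `@userdb@` token used on every other line of the patch, so it will presumably be left unexpanded in the generated man page. The makeuserdb.html.in hunk at @@ -5,31 +5,31 @@ corrects the same sentence to `@userdb@.db`. Suggest `\fI@userdb@.db\fR` here so the man page and the HTML page agree.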
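Review bot: The authuserdb.c, authuserdbpwd.c and preauthuserdbcommon.c hunks change `userdb_init(USERDB ".dat")` and `userdbshadow(USERDB "shadow.dat", ...)` to the `.db` names with no fallback to the old files. On a host that still has only the `.dat` databases, the lookup in authuserdb.c will take the `return (-1)` path until makeuserdb has been rerun. Nothing in the README_authlib.html.in hunk mentions that step, or the leftover `@userdb@shadow.dat`, which still holds the fields whose names end in 'pw'. Suggest an upgrade note next to "Finally, compile the database" telling administrators to rerun makeuserdb after upgrading and to remove the stale `.dat` files.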
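Review bot: In the README.authdebug.html.in hunks (@@ -147,7 +147,7 @@ and @@ -165,8 +165,8 @@), the sample log line and the 'authuserdb' bullet change the directory as well as the extension, from `/etc/userdb.dat` to `/etc/courier-imap/userdb.db`. Every other hunk only renames the suffix and leaves the location to `@userdb@` or `USERDB`. If the new directory is specific to one packaging layout, say so in the patch description. Otherwise keep the sample at `/etc/userdb.db` so the debug walkthrough matches what a default build logs.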