/*******************************************************************************

    Author ......... Galen Johnson
    Contact ........ gjohnson@trantor.org
    Program ........ chg_sasl_pass
    Version ........ 1.4
    Purpose ........ Change Cyrus Account Passwords

*******************************************************************************/


--Purpose--

     Cyrus SASL database authentication allows your Cyrus/squirrelmail
     installation to host mail users without requiring a Unix Shell account!
 
     This plugin only covers the "sasldb" case when using Cyrus SASL.  Kerberos
     and PAM authentication mechanisms will require other techniques to enable
     user password manipulations.

     Cyrus SASL includes a shell utility called "saslpasswd(2)" for manipulating
     user passwords in the "sasldb(2)" database.  This patch attempts to use
     this utility to perform password manipulations required by your squirrel-
     mail users without any administrative interaction.   Unfortunately, this
     scheme requires that the "saslpasswd" utility be run as the "cyrus"
     user.

     This plugin was based on an IMP plugin which was either dropped or incorp-
     orated into the IMP main tree.

----[ Features

     Enable user password changes when using Cyrus SASL and "sasldb(2)".


----[ Installation

     Install just like any other plugin, just put it in the plugin directory.

     Edit the chgsaslpasswd.c file as is documented within it.
     Edit config.php to define the path to your 'chgsaslpasswd' command and
     to set your password lengths.

     Compile the wrapper program:
	gcc -o chgsaslpasswd chgsaslpasswd.c

     Chown chgsaslpasswd to the cyrus user and group that your browser runs
     as, then chmod it to 4550.

     For example, if your cyrus user is 'cyrus' and the apache server group is
     'nobody' (Out of the box Redhat sets it to 'apache'):

	chown cyrus:nobody chgsaslpasswd
	chmod 4550 chgsaslpasswd

     It has suggested users should try to run the scripts on a test account as
     the cyrus user eg;

        su cyrus -c "./chgsaslpasswd -p test_account" 

     This will allow you to make sure that the script will work for your setup.
     Should the script not work, make sure that:
     1) the user the script runs as has access to the sasldb|sasldb2
        file and proper permissions
     2) make sure the user in the chgsaslpasswd.c file is set correctly.
     This could save you some headaches if you are the paranoid type.

     Run conf.pl and add it to your list, and you are rolling.
    
----[ Localization

     NOTE: Only do this if you plan to translate the output generated to a 
           language other than English or to a language not currently supported.
           I'm always looking for translations.

     You need to copy the chg_sasl_passwd.po file for each translation you do.
     The chg_sasl_password.po files will go into directories for each language
     laid out as follows.

        ./locale/<country_code>/LC_MESSAGES/chg_sasl_passwd.po
        where <country code> is no_NO, fr_FR, cs_CZ, etc

        For example, for a french translation:
        ./locale/fr_FR/LC_MESSAGES/chg_sasl_passwd.po

     There will be a msgid for each string you need translated. The msgstr is
     the translation of msgid. For example, for a french translation:

        #: functions.php:18 options.php:56
        msgid "Change Email Password"
        msgstr "Changez Le Mot de passe de votre courriel"

     In each of the directories you need to run the msgfmt command to create the
     .mo file that is used for the translation.  For the french example:

        cd locale/fr_FR/LC_MESSAGES
        msgfmt -o chg_sasl_passwd.mo chg_sasl_passwd.po
 
     NB: Change the Last-Translated field to yourself when editting the .po file
         so you get full credit for your translation.  Look at the other trans-
         lations if you have any questions about exactly how to make changes.

     Now change your Squirrelmail settings to your locale.
    
----[ Possible Bugs?
   
     If you find any problems, let me know!!!


----[ Changelog

     --- 1.4 ---
	Added version info to bring it into better compliance.
	Applied several fixes provided by Brad Donison.
	Future releases will have translations as separate downloads.

     --- 1.3 ---
        Minor cosmetic enhancements and bug fixes to code.
        Applied changes recommended by Daniel Lundin (no more shell script)
        Eric LeBlanc was kind enough to fix the laughable French translation.

     --- 1.2 ---
        Adjusted it to be compatible with versions of squirrelmail 1.4.x.

     --- 1.1 ---
        Adjusted php script to allow it to run with register_globals=Off to
        allow it to be compatible with versions of squirrelmail 1.2.8+.

     --- 1.0 ---
	This release has been put to 1.0 since I have had confirmation that it
	works with SASL2 (Thanks Johan). 
	Version 2.0 will be the _Future Changes_ mentioned below when I can
	find time.

     --- 0.2 ---
        Added localization by request of Alexander Klingenstein.
        Minor bug fixes. (thanks Alex)
        Alex provided the German translation.

     --- 0.1 ---
        Initial release
           
----[ Contributors

     Alex Klingenstein: Initial testing and German translation
     Stephen Carr: Testing recommendations 
     Pascal Sick: FreeBSD bug fix
     Daniel Lundin: Removed need to utilize the shell script
     Joachim Bickel: Minor bug fix
     Brad Donison: Many (previously unknown) bug fixes

----[ Future Changes

     The 2.0 release will incorporate the proposed changes to the change
     password plugins discussed on the plugins list.

     The Cyrus SASL implementation includes an API which will allow this kind
     of database manipulation to be scripted entirely within php, a much more
     secure implementation.  I believe the current setup probably secure 
     enough for general use.  If you come across a security issue, I would 
     appreciate a heads up and a fix.
 
     Got any ideas or complaints, please e-mail me (gjohnson@trantor.org)!

