I installed courier-authlib because sqwebmail now requires it. This is a pure vchkpw auth situation.
The courier-authlib install provides these two options for its ./configure --with-mailuser=userid, --with-mailgroup=groupid I decided to omit these options because of the following statement in the courier-authlib INSTALL file: > "userid" is a reserved system username, "groupid" is a reserved system > groupname. These two options should be used before installing Courier for the > first time. These options are not required before installing Courier-IMAP or > SqWebMail. This works fine for sqwebmail login, but password changing via sqwebmail is failing as per this maillog entry: sqwebmaild: authdaemon: s_connect() failed: Permission denied However, using either sqwebpasswd or authtest from the command line (as root) allows passwords to be changed successfully. So it seems clear that permissions is the only problem. Searching the sqwebmail archives for the above maillog error reveals this advice from Sam: > Presuming that you"re using the latest versions of all packages: verify the > ownership and the permissions of the sqwebpasswd wrapper. It should have > the setgid bit set, and owned by whatever userid and groupid was assigned to > courier-authlib. My sqwebpasswd seems to meet this requirement as these two directory listings show: -rwxr-sr-x 1 root wheel 3752 Apr 11 20:23 sqwebpasswd -rwxr-xr-x 1 root wheel 51860 Apr 11 00:29 authdaemond* assuming authdaemond's ownership is a correct reference for the "userid and groupid was assigned to courier-authlib". But I was a little surprised to see the root/wheel ownership, and this also contradicts what the courier-authlib INSTALL file says will happen if the above two options are not set and there is no previous Courier install: > The userid is the first userid from the following list which exists in the > system: courier, daemon, adm, bin, root; and the groupid is the first groupid > from the following list which exists in the system: courier, daemon, adm, > sys, root because I do have daemon both as a user-id and a group-id on my system. (That is apparently a bug in courier-authlib configure process and I will report it on an appropriate list.) However, this made me wonder if there are any opinions here about "best practices" for courier-authlib ownership in a primarily-vpopmail situation. The possibility of using vpopmail/vchkpw comes to mind immediately, but maybe courier-authlib is a wrapper that makes this irrelevant, so that creating a "courier" user and group would be just as good. I'd also like to do things in a way that wouldn't get me in trouble if I later add Courier IMAP to my system. Thanks in advance for any suggestions, or even a solution to my password-changing problem. -Kurt configuration: vpopmail 5.4.10 courier-authlib-0.55.20050407 sqwebmail-5.0.1