NOTE

    Please make a backup of your password files ( /etc/passwd, /etc/shadow, 
    /etc/oshadow ) before you try this program.

SUPPORTED SYSTEMS

    cgipaf has been tested with Debian GNU/Linux (potato and woody),
    Solaris 8, FreeBSD and should work on other Un*ces with pam support. 
    Systems without pam support are only supported if they use the standard  
    password file location /etc/passwd /etc/shadow and standard crypt or
    md5 passwords.

    If you're using cgipaf on a system without pam support a lock file
    /var/lock/cgipaf.lock is used. The directory /var/lock have to exist
    on our system or you can modify pass.h to your own needs.

    FreeBSD is also supported, although FreeBSD has PAM support the
    PAM password changer doesn't seem to work on FreeBSD. Add 
    "--host=freebsd" to configure to compile CGIpaf with FreeBSD support. 
    This will compile CGIpaf without PAM support but with built-in BSD
    support.

    CGIpaf depends on the ndbm or compatible library. The GNU dbm library
    is also supported and is automatically detected by configure.

INSTALLATION

    type: 

          ./configure --bindir=/usr/local/apache/cgi-bin \ 
                      --datadir=//etc/cgipaf/data \ 
                      --sysconfdir=/etc/cgipaf
    
    add "--host=freebsd" to compile CGIpaf with freeBSD support
    
    Update the above command with your real cgi-bin and htdocs directory

    This will create Makefile, install.sh and config.h
    
    If you want to disable pam support you can add "--disable-pam" 
    configure should normally detect pam and no-pam systems.
          
    type: 
          make
    
    To compile the sources.

    type: make install
    
    The installation script will install "passwd.cgi","viewmailcfg.cgi" and 
    "mailcfg.cgi" in cgi-bin, copy "php/*.php" in the htdocs directory, and 
    create a sample config file. 
    
    "passwd.cgi", "viewmailcfg.cgi", "mailcfg.cgi"  should have the following 
    permissions:
    
    -r-sr-xr-x    1 root     root        33391 Aug 10 22:16 mailcfg.cgi
    -r-sr-xr-x    1 root     root        30333 Aug 10 22:16 passwd.cgi
    -r-sr-xr-x    1 root     root        34658 Aug 10 22:16 viewmailcfg.cgi

    and owned by root.

    CGIpaf uses "/cgi-bin" in his action fields, if you use another cgi-bin 
    location ( /cgi-bin/cgipaf )
    you have to update:
      
      cgipasswd_top.php
      mailcfg_form.php
      mailcfg_login.php

CONFIGURATION

    The configuration file ( cgipaf.conf ) allow you to set several options 
    see Configuration.html for more information.

    If you're upgrading from a previous version of CGIpaf with cracklib enabled
    in cgipaf.conf you have to set cracklib_dictpath to your cracklib dictpath.

    The cracklib_dictpath is the path to the dictionary filename without the 
    extension ( .pwi ), not the directory path.

    With the "pam_service" directive you can set the pam service name, if not
    set "passwd" is used. The passwd pam service ( /etc/pam.d/passwd ) usually 
    doesn't have an entry for user authentication, therefor /etc/pam.d/other 
    has to have a line auth set to pam_unix.so.

    auth     required       pam_unix.so
    account  required       pam_unix.so

    If you don't like this for security reason etc, you can set the pam_service
    directive to "cgipaf" and create the file /etc/pam.d/cgipaf that looks like
    this

    auth     required       pam_unix.so
    account  required       pam_unix.so
    password required       pam_unix.so md5

    Or better copy your system passwd configuration and the entries for 
    "auth" and "account"

    If your system has a single PAM configuration file (usually /etc/pam.conf)
    you've to update /etc/pam.conf.

    If your system don't support md5 passwords remove md5 in the password line.
    
    passwd.cgi should support all pam opties in the PAM configuration 
    (cracklib, minimum/ maximum password length etc.).
    
    CGIpaf deletes the user's .procmailrc! If your users use procmail to
    distribute their mailings-lists into separate mailboxes etc, it is possible
    to copy the user's .procmailrc to a backup file and copy it back when
    mail-forwarding and autoreply is disabled. Set "use_statefile" to "yes" to
    avoid that the original procmail config confuses CGIpaf and use 
    "run_before_mailcfg" to copy the user's procmail config to a backup file
    and "run_after_mailcfg" to restore it. See Configuration.html for more 
    information.
    
THAT'S ALL FOLKS

    Point your browser to http://your_webserver/cgi-bin/passwd.cgi or 
    http://your_webserver/cgi-bin/viewmailcfg.cgi and enjoy
