NOTE

    Please make a backup of your password files ( /etc/passwd, /etc/shadow, 
    /etc/oshadow ) before you try this program.

SUPPORTED SYSTEMS

    cgipaf has been tested with Debian GNU/Linux, Solaris 10 and should work
    on other Un*ces with pam support. Systems without pam support are only
    supported if they use the standard password file location /etc/passwd
    /etc/shadow and standard crypt or md5 passwords.

    FreeBSD and NetBSD are supported, OpenBSD is not (yet) supported.

    PAM support is enabled on FreeBSD 7.3 or above and NetBSD 6 or above. 

    GNU make is required to build cgipaf on a BSD system.

    Operating systems are automatically detected by configure. 
    
    CGIpaf depends on the ndbm or compatible library. The GNU dbm library
    is also supported and is automatically detected by configure.


INSTALLATION

    If you have library/include files installed on non-default location e.g.
    /usr/local/lib /usr/local/include set LDFLAGS and CFLAGS environment
    variables.

	# export CFLAGS="-I /usr/local/include"
	# export LDFLAGS="-L /usr/local/lib"

    type: 

	# ./configure --bindir=/usr/local/apache/cgi-bin \ 
                      --datadir=/etc/cgipaf/data \ 
                      --sysconfdir=/etc/cgipaf

    Update the above command with your real cgi-bin directory.

    This will create Makefile, install.sh and config.h
    
    If you want to disable pam support you can add "--disable-pam" 
    configure should normally detect pam and no-pam systems.

          
    type: 
          make
    
    To compile the sources.

    type: 
	  make install
    
    The installation script will install "passwd.cgi","viewmailcfg.cgi" and 
    "mailcfg.cgi" in cgi-bin, copy "php/*.php" in the data directory, and 
    create a sample config file. 
    
    "passwd.cgi", "viewmailcfg.cgi", "mailcfg.cgi"  should have the following 
    permissions:
    
    -r-sr-xr-x    1 root     root        33391 Aug 10 22:16 mailcfg.cgi
    -r-sr-xr-x    1 root     root        30333 Aug 10 22:16 passwd.cgi
    -r-sr-xr-x    1 root     root        34658 Aug 10 22:16 viewmailcfg.cgi

    and owned by root.

    CGIpaf uses "/cgi-bin" in his action fields, if you use another cgi-bin 
    location ( /cgi-bin/cgipaf )
    you have to update:
      
      cgipasswd_top.php
      mailcfg_form.php
      mailcfg_login.php

CONFIGURATION

    The configuration file ( cgipaf.conf ) allow you to set several options 
    see Configuration.html for more information.

    If you're upgrading from a previous version of CGIpaf with cracklib enabled
    in cgipaf.conf you have to set cracklib_dictpath to your cracklib dictpath.

    The cracklib_dictpath is the path to the dictionary filename without the 
    extension ( .pwi ), not the directory path.

    With the "pam_service" directive you can set the pam service name, if not
    set "passwd" is used. The passwd pam service ( /etc/pam.d/passwd ) usually 
    doesn't have an entry for user authentication, therefor /etc/pam.d/other 
    has to have a line auth set to pam_unix.so.

    auth     required       pam_unix.so
    account  required       pam_unix.so

    If you don't like this for security reason etc, you can set the pam_service
    directive to "cgipaf" and create the file /etc/pam.d/cgipaf that looks like
    this

    auth     required       pam_unix.so
    account  required       pam_unix.so
    password required       pam_unix.so md5

    Or better copy your system passwd configuration and the entries for 
    "auth" and "account"

    If your system has a single PAM configuration file (usually /etc/pam.conf)
    you've to update /etc/pam.conf.

    If your system don't support md5 passwords remove md5 in the password line.
    
    passwd.cgi should support all pam options in the PAM configuration 
    (cracklib, minimum/ maximum password length etc.).
    
    CGIpaf deletes the user's .procmailrc! If your users use procmail to
    distribute their mailings-lists into separate mailboxes etc, it is possible
    to copy the user's .procmailrc to a backup file and copy it back when
    mail-forwarding and autoreply is disabled. Set "use_statefile" to "yes" to
    avoid that the original procmail config confuses CGIpaf and use 
    "run_before_mailcfg" to copy the user's procmail config to a backup file
    and "run_after_mailcfg" to restore it. See Configuration.html for more 
    information.

    Examples with vacation support are available in the examples directory

THAT'S ALL FOLKS

    Point your browser to http://your_webserver/cgi-bin/passwd.cgi or 
    http://your_webserver/cgi-bin/viewmailcfg.cgi and enjoy

COPYRIGHT NOTICE

   The documentation for CGIpaf is licensed under the terms of
   the FreeBSD Documentation License.

   The FreeBSD Documentation License

   Copyright (c) 2001 - 2020 Staf Wagemakers

   Redistribution and use in source (plaintext, HTML) and 'compiled' forms
   (SGML, HTML, PDF, PostScript, RTF and so forth) with or without
   modification, are permitted provided that the following conditions are
   met:

   1. Redistributions of source code (plaintext, HTML) must retain the
      above copyright notice, this list of conditions and the following
      disclaimer.

   2. Redistributions in compiled form (transformed to other DTDs,
      converted to PDF, PostScript, RTF and other formats) must reproduce
      the above copyright notice, this list of conditions and the following
      disclaimer in the documentation and/or other materials provided with
      the distribution.

   THIS DOCUMENTATION IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED 
   WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
   IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
   DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
   IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
   EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

