NOTE

    Please make a backup of your password files ( /etc/passwd, /etc/shadow, 
    /etc/oshadow ) before you try this program.

SUPPORTED SYSTEMS

    cgipaf has been tested with Debian GNU/Linux (woody), Solaris 8, FreeBSD 
    and should work on other Un*ces with pam support. Systems without pam 
    support are only supported if they use the standard password file 
    location /etc/passwd /etc/shadow and standard crypt or md5 passwords.

    If you're using cgipaf on a system without pam support a lock file
    /var/lock/cgipaf.lock is used. The directory /var/lock have to exist
    on our system or you can modify pass.h to your own needs.

    FreeBSD and NetBSD are supported, OpenBSD is not (yet) supported. Although 
    FreeBSD has PAM support the PAM password changer doesn't seem to work on 
    FreeBSD. Therefor CGIpaf is compiled without PAM support but with 
    built-in BSD support by default. If you need PAM support on FreeBSD you
    can add --enable-pam to configure.

    Operating systems are automatically detected by configure. 
    
    CGIpaf depends on the ndbm or compatible library. The GNU dbm library
    is also supported and is automatically detected by configure.


INSTALLATION

    type: 

          ./configure --bindir=/usr/local/apache/cgi-bin \ 
                      --datadir=/etc/cgipaf/data \ 
                      --sysconfdir=/etc/cgipaf
    
    Update the above command with your real cgi-bin directory.

    This will create Makefile, install.sh and config.h
    
    If you want to disable pam support you can add "--disable-pam" 
    configure should normally detect pam and no-pam systems.
          
    type: 
          make
    
    To compile the sources.

    type: 
	  make install
    
    The installation script will install "passwd.cgi","viewmailcfg.cgi" and 
    "mailcfg.cgi" in cgi-bin, copy "php/*.php" in the data directory, and 
    create a sample config file. 
    
    "passwd.cgi", "viewmailcfg.cgi", "mailcfg.cgi"  should have the following 
    permissions:
    
    -r-sr-xr-x    1 root     root        33391 Aug 10 22:16 mailcfg.cgi
    -r-sr-xr-x    1 root     root        30333 Aug 10 22:16 passwd.cgi
    -r-sr-xr-x    1 root     root        34658 Aug 10 22:16 viewmailcfg.cgi

    and owned by root.

    CGIpaf uses "/cgi-bin" in his action fields, if you use another cgi-bin 
    location ( /cgi-bin/cgipaf )
    you have to update:
      
      cgipasswd_top.php
      mailcfg_form.php
      mailcfg_login.php

CONFIGURATION

    The configuration file ( cgipaf.conf ) allow you to set several options 
    see Configuration.html for more information.

    If you're upgrading from a previous version of CGIpaf with cracklib enabled
    in cgipaf.conf you have to set cracklib_dictpath to your cracklib dictpath.

    The cracklib_dictpath is the path to the dictionary filename without the 
    extension ( .pwi ), not the directory path.

    With the "pam_service" directive you can set the pam service name, if not
    set "passwd" is used. The passwd pam service ( /etc/pam.d/passwd ) usually 
    doesn't have an entry for user authentication, therefor /etc/pam.d/other 
    has to have a line auth set to pam_unix.so.

    auth     required       pam_unix.so
    account  required       pam_unix.so

    If you don't like this for security reason etc, you can set the pam_service
    directive to "cgipaf" and create the file /etc/pam.d/cgipaf that looks like
    this

    auth     required       pam_unix.so
    account  required       pam_unix.so
    password required       pam_unix.so md5

    Or better copy your system passwd configuration and the entries for 
    "auth" and "account"

    If your system has a single PAM configuration file (usually /etc/pam.conf)
    you've to update /etc/pam.conf.

    If your system don't support md5 passwords remove md5 in the password line.
    
    passwd.cgi should support all pam options in the PAM configuration 
    (cracklib, minimum/ maximum password length etc.).
    
    CGIpaf deletes the user's .procmailrc! If your users use procmail to
    distribute their mailings-lists into separate mailboxes etc, it is possible
    to copy the user's .procmailrc to a backup file and copy it back when
    mail-forwarding and autoreply is disabled. Set "use_statefile" to "yes" to
    avoid that the original procmail config confuses CGIpaf and use 
    "run_before_mailcfg" to copy the user's procmail config to a backup file
    and "run_after_mailcfg" to restore it. See Configuration.html for more 
    information.

    Examples with vacation support are available in the exmaples directory
    
THAT'S ALL FOLKS

    Point your browser to http://your_webserver/cgi-bin/passwd.cgi or 
    http://your_webserver/cgi-bin/viewmailcfg.cgi and enjoy