hi.
> I am planning for a completely different approach:
>
> - Have a daemon listening at 127.0.0.1:<your_favourite_port_here>. That
> daemon runs as root, for reasons explained below.
> - Have a client program that sends userid/password pairs towards above
> daemon. This could be a base64-encoded string or some challenge/response
> method.
> - Daemon checks the uid/pw pair and responds with 'OK' or 'ERR' (with the
> mandatory 2 seconds sleep when ERR). It is up to the daemon how the check
> is done - getpwnam, getspnam, do_some_ldap_lookup,
> select_pw_from_pwtable_where_user_=_<foo>, ..., you get the idea.
> - Client then proceeds depending on answer.
I've done just that some time ago - search this list archives, keywords
SMTP-AUTH Cyrus-SASL pwcheck daemon.
That was around 11 Oct 2001 or so.
If you won't be able to find the patch, I'll get it sent to you, just tell me.