This file is indexed.

/etc/horde/passwd/backends.php is in php-horde-passwd 5.0.7-1ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
<?php
/**
 * This file provides defaults for backends people use to change their
 * passwords.
 *
 * IMPORTANT: DO NOT EDIT THIS FILE!
 * Local overrides MUST be placed in backends.local.php or backends.d/.
 * If the 'vhosts' setting has been enabled in Horde's configuration, you can
 * use backends-servername.php.
 *
 * Properties that can be set for each server:
 * ===========================================
 *
 * disabled: (boolean) If true, the config entry is disabled.
 *
 * name: (string) This is the plaintext name displayed if using the server
 *       list (also displayed on the main page).
 *
 * driver: The driver used to change the password. Valid drivers:
 *     - adsi: ADSI COM interface.
 *     - expect: Expect script.
 *     - horde: Horde authentication driver.
 *     - ldap: LDAP server.
 *     - pine: Pine-encoded file.
 *     - poppassd: Poppassd server.
 *     - servuftp: Servuftp server.
 *     - smbldap: LDAP server for both LDAP -and- Samba auth.
 *     - smbpasswd: Smbpasswd command.
 *     - sql: SQL authentication.
 *     - vmailmgr: Local vmailmgr daemon.
 *     - vpopmail: SQL based vpopmail.
 *
 *     - composite: Allows you to chain multiple drivers together (see example
 *                  below).
 *
 * policy: (array) The password policies for this backend. You are responsible
 *   for the sanity checks of these options. Options are:
 *     - maxLength: (integer) Maximum length of the password.
 *     - maxSpace: (integer) Maximum number of white space characters.
 *     - minAlpha: (integer) Minimum number of alphabetic characters.
 *     - minAlphaNum: (integer) Minimum number of alphanumeric characters.
 *     - minLength: (integer) Minimum length of the password.
 *     - minLower: (integer) Minimum number of lowercase characters.
 *     - minNonAlpha: (integer) Minimum number of non-alphabetic characters
 *     - minNumeric: (integer) Minimum number of numeric characters (0-9).
 *     - minSymbol: (integer) Minimum number of punctuation / symbol characters.
 *     - minUpper: (integer) Minimum number of uppercase characters.
 *
 *   Alternatively/additionally, the minimum number of character classes can
 *   be configured by setting 'minClasses'. The valid range is 0 through 4
 *   character classes may be required for a password. The available classes:
 *     - lower
 *     - number
 *     - symbol
 *     - upper
 *
 *   For example: a password of 'p@ssw0rd' satisfies three classes ('number',
 *   'lower', and 'symbol'), while 'passw0rd' only satisfies two classes
 *   ('lower' and 'number').
 *
 * logout: (boolean) If true, this backend changes the password associated
 *         with at least one Horde application. On a successful password
 *         change the current session will be destroyed and the page will
 *         redirect to the login screen. You CANNOT continue to use Horde
 *         since the old password may be cached, which will cause errors.
 *
 * params: (array) Additional information that a driver needs. See examples
 *        below for further details.
 *
 * preferred: (string) Useful if you want to use the same backend.php file
 *            for different machines. If the hostname of the Passwd Machine is
 *            identical to one of those in the preferred list, then the
 *            corresponding option in the select box will include SELECTED,
 *            i.e. it is selected per default. Otherwise the first entry in
 *            the list is selected.
 */

$backends['hordeauth'] = array(
    'disabled' => true,
    'name' => 'Horde Authentication',
    'driver' => 'Horde',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'logout' => true,
);

$backends['hordesql'] = array(
    'disabled' => true,
    'name' => 'Horde SQL Authentication',
    'driver' => 'Sql',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array_merge(
        $GLOBALS['conf']['sql'],
        array(
            'table' => 'horde_users',
            'user_col' => 'user_uid',
            'pass_col' => 'user_pass',
            'show_encryption' => false,
            'encryption' => isset($GLOBALS['conf']['auth']['params']['encryption']) ? $GLOBALS['conf']['auth']['params']['encryption'] : false
        )
    ),
    'logout' => true,
);

$backends['poppassd'] = array(
    'disabled' => true,
    'name' => 'Poppassd Server',
    'driver' => 'Poppassd',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array(
        'host' => 'localhost',
        'port' => 106
    ),
);

$backends['servuftp'] = array(
    'disabled' => true,
    'name' => 'Serv-U FTP Server',
    'driver' => 'Servuftp',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array(
        'host' => 'localhost',
        'port' => 106,
        'timeout' => 30
    ),
);

$backends['expect'] = array(
    'disabled' => true,
    'name' => 'Expect Script',
    'driver' => 'Expect',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array(
        'program' => '/usr/bin/expect',
        'script' => PASSWD_BASE . '/scripts/passwd-expect',
        'params' => '-telnet -host localhost -output /tmp/passwd.log'
    ),
);

$backends['sudo_expect'] = array(
    'disabled' => true,
    'name' => 'Expect with Sudo Script',
    'driver' => 'Procopen',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array(
        'program' => '/usr/bin/expect ' . PASSWD_BASE . '/scripts/passwd-expect -sudo'
    ),
);

$backends['smbpasswd'] = array(
    'disabled' => true,
    'name' => 'Samba Server',
    'driver' => 'Smbpasswd',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array(
        'program' => '/usr/bin/smbpasswd',
        'host' => 'localhost'
    ),
);

$backends['ldap'] = array(
    'disabled' => true,
    'name' => 'LDAP Server',
    'driver' => 'Ldap',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array(
        'host' => 'localhost',
        'port' => 389,
        'basedn' => 'o=example.com',
        // LDAP object key attribute.
        'uid' => 'uid',
        // The attribute storing the password.
        'attribute' => 'userPassword',
        // These attributes will enable shadow password policies.
        // 'shadowlastchange' => 'shadowLastChange',
        // 'shadowmin' => 'shadowMin',
        // This will be appended to the username when looking for the userdn.
        'realm' => '',
        // Use this filter when searching for the user's DN.
        'filter' => '',
        // Hash method to use when storing the password
        'encryption' => 'crypt',
        // Whether to enable TLS for this LDAP connection
        // Note: make sure that the host matches cn in the server certificate.
        'tls' => false,
        // Determine the user's DN. %u will be replaced by the user's ID.
        // Alternatively, disable this option and instead use the 'userdn'
        // hook (config/hooks.php) to dynamically set the userdn.
        //'userdn' => 'uid=%u,o=example.com'
    ),
);

// NOTE: to set the ldap userdn, see horde/config/hooks.php
$backends['ldapadmin'] = array(
    'disabled' => true,
    'name' => 'LDAP Server with Admin Bindings',
    'driver' => 'Ldap',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array(
        'host' => 'localhost',
        'port' => 389,
        'basedn' => 'o=example.com',
        'admindn' => 'cn=admin,o=example.com',
        'adminpw' => 'somepassword',
        // LDAP object key attribute.
        'uid' => 'uid',
        // The attribute storing the password.
        'attribute' => 'userPassword',
        // These attributes will enable shadow password policies.
        // 'shadowlastchange' => 'shadowLastChange',
        // 'shadowmin' => 'shadowMin',
        // This will be appended to the username when looking for the userdn.
        'realm' => '',
        // Use this filter when searching for the user's DN.
        'filter' => '',
        // Hash method to use when storing the password
        'encryption' => 'crypt',
        // If set, should be 0 or 1. See the LDAP documentation about the
        // corresponding parameter REFERRALS.
        // Windows 2003 Server require to set this parameter to 0
        // 'referrals' => 0,
        // Whether to enable TLS for this LDAP connection
        // Note: make sure that the host matches cn in the server certificate.
        'tls' => false
    ),
);

// NOTE: to set the ldap userdn, see horde/config/hooks.php
// NOTE: to make work with samba 2.x schema you must change lm_attribute and
// nt_attribute
$backends['smbldap'] = array(
    'disabled' => true,
    'name' => 'Samba/LDAP Server',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Smbldap',
    'params' => array(
        'host' => 'localhost',
        'port' => 389,
        'basedn' => 'o=example.com',
        // LDAP object key attribute.
        'uid' => 'uid',
        // The attribute storing the password.
        'attribute' => 'userPassword',
        // This will be appended to the username when looking for the userdn.
        'realm' => '',
        // Use this filter when searching for the user's DN.
        'filter' => '',
        // Hash method to use when storing the password
        'encryption' => 'crypt',
        // Whether to enable TLS for this LDAP connection
        // Note: make sure that the host matches cn in the server certificate.
        'tls' => false,
        // Determine the user's DN. %u will be replaced by the user's ID.
        //'userdn' => 'uid=%u,o=example.com'
        // If any of the following attributes are commented out, they
        // won't be set on the LDAP server.
        'lm_attribute' => 'sambaLMPassword',
        'nt_attribute' => 'sambaNTPassword',
        'pw_set_attribute' => 'sambaPwdLastSet',
        'pw_expire_attribute' => 'sambaPwdMustChange',
         // The number of days until samba passwords expire. If this
         // is commented out, passwords will never expire.
        'pw_expire_time' => 180,
    ),
);

$backends['sql'] = array(
    'disabled' => true,
    'name' => 'SQL Server',
    'driver' => 'Sql',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array(
        'phptype' => 'mysql',
        'hostspec' => 'localhost',
        'username' => 'dbuser',
        'password' => 'dbpasswd',
        'encryption' => 'md5-hex',
        'database' => 'db',
        'table' => 'users',
        'user_col' => 'user_uid',
        'pass_col' => 'user_pass',
        'show_encryption' => false
        // The following two settings allow you to specify custom queries for
        // lookup and modify functions if special functions need to be
        // performed.  In places where a username or a password needs to be
        // used, refer to this placeholder reference:
        //    %d -> gets substituted with the domain
        //    %u -> gets substituted with the user
        //    %U -> gets substituted with the user without a domain part
        //    %p -> gets substituted with the plaintext password
        //    %e -> gets substituted with the encrypted password
        //
        // 'query_lookup' => 'SELECT user_pass FROM horde_users WHERE user_uid = %u',
        // 'query_modify' => 'UPDATE horde_users SET user_pass = %e WHERE user_uid = %u',
    ),
);

$backends['mailmgr'] = array(
    'disabled' => true,
    'name' => 'VMailMgr Server',
    'driver' => 'Vmailmgr',
    'policy' => array(),
    'params' => array(
        'vmailinc' => '/your/path/to/the/vmail.inc'
    ),
);

$backends['vpopmail'] = array(
    'disabled' => true,
    'name' => 'Vpopmail Server',
    'driver' => 'Vpopmail',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array(
        'phptype' => 'mysql',
        'hostspec' => 'localhost',
        'username' => '',
        'password' => '',
        'encryption' => 'crypt',
        'database' => 'vpopmail',
        'table' => 'vpopmail',
        'name' => 'pw_name',
        'domain' => 'pw_domain',
        'passwd' => 'pw_passwd',
        'clear_passwd' => 'pw_clear_passwd',
        'use_clear_passwd' => true,
        'show_encryption' => true
    ),
);

$backends['pine'] = array(
    'disabled' => true,
    'name' => 'Pine Password File',
    'driver' => 'Pine',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array(
        // FTP server information.
        'host' => 'localhost',
        'port' => '21',
        'path' => '',
        'file' => '.pinepw',
        // Connect using the just-passed-in password?
        'use_new_passwd' => false,
        // Host string to look for in the encrypted file.
        'imaphost' => 'localhost'
    ),
);

$backends['kolab'] = array(
    'disabled' => true,
    'name' => 'Local Kolab Server',
    'driver' => 'Kolab',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array(),
);

$backends['myscript'] = array(
    'disabled' => true,
    'name' => 'Custom Script',
    'driver' => 'Procopen',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array(
        'program' => '/path/to/my/script + myargs'
    ),
);

// This is an example configuration for the http driver.  This allows
// connecting to an arbitrary URL that contains a password change form.
// The params 'username','oldPasswd','passwd1', and 'passwd2' params should be
// set to the name of the respective form input elements on the html form.  If
// there are additional form fields that the form requires, define them in the
// 'fields' array in the form 'formFieldName' => 'formFieldValue'.  The driver
// attempts to determine the success or failure based on searching the
// returned html page for the values listed in the 'eval_results' array.
$backends['http'] = array(
    'disabled' => true,
    'name' => 'HTTP Server',
    'driver' => 'Http',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array(
        'url' => 'http://www.example.com/psoft/servlet/psoft.hsphere.CP',
        'username' => 'mbox',
        'oldPasswd' => 'old_password',
        'passwd1' => 'password',
        'passwd2' => 'password2',
        'fields' => array(
            'action' => 'change_mbox_password',
            'ftemplate' => 'design/mail_passw.html'
        ),
        'eval_results' => array(
            'success' => 'Password successfully changed',
            'badPass' => 'Bad old password',
            'badUser' => 'Mailbox not found'
        ),
    ),
);

$backends['soap'] = array(
    'disabled' => true,
    'name' => 'SOAP Server',
    'driver' => 'Soap',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array(
        // If this service doesn't have a WSDL, the 'location' and 'uri'
        // parameters below must be specified instead.
        'wsdl' => 'http://www.example.com/service.wsdl',
        'method' => 'changePassword',
        // This is the order of the arguments to the method specified above.
        'arguments' => array('username', 'oldpassword', 'newpassword'),
        // These parameters are directly passed to the SoapClient object, see
        // http://ww.php.net/manual/en/soapclient.soapclient.php for a
        // complete list of possible parameters.
        'soap_params' => array(
            'location' => '',
            'uri' => '',
         ),
    ),
);

// This is an example configuration for Postfix.admin 2.3.
// Set the 'password_policy' section as you wish.
// In most installations you probably only need to change the
// hostspec and/or  password fields.
$backends['postfixadmin'] = array(
    'disabled' => true,
    'name' => 'Postfix Admin server',
    'driver' => 'Sql',
    'policy' => array(
        'minLength' => 6,
        'maxLength' => 20,
        'minNumeric' => 1,
    ),
    'params' => array(
        'phptype' => 'mysql',
        'hostspec' => 'localhost',
        'username' => 'postfix',
        'password' => 'PASSWORD',
        'encryption' => 'crypt-md5',
        'database' => 'postfix',
        'table' => 'mailbox',
        'user_col' => 'username',
        'pass_col' => 'password',
        'show_encryption' => false,
        // The following two settings allow you to specify custom queries for
        // lookup and modify functions if special functions need to be
        // performed.  In places where a username or a password needs to be
        // used, refer to this placeholder reference:
        //    %d -> gets substituted with the domain
        //    %u -> gets substituted with the user
        //    %U -> gets substituted with the user without a domain part
        //    %p -> gets substituted with the plaintext password
        //    %e -> gets substituted with the encrypted password
        //
        'query_lookup' => 'SELECT password FROM mailbox WHERE username = %u and active = 1',
        'query_modify' => 'UPDATE mailbox SET password = %e WHERE username = %u'
    ),
);

// This is an example configuration for chaining multiple drivers to allow for
// syncing of passwords across many backends using the composite driver as a
// wrapper.
//
// Each of the subdrivers may contain an optional parameter called 'required'
// that, when set to true, will cause the rest of the drivers be skipped if a
// particular one fails.
$backends['composite'] = array(
    'disabled' => true,
    'name' => 'All Services',
    'driver' => 'Composite',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array('drivers' => array(
        'sql' => array(
            'name' => 'Horde Authentication',
            'driver' => 'Sql',
            'required' => true,
            'params' => array(
                'phptype' => 'mysql',
                'hostspec' => 'localhost',
                'username' => 'horde',
                'password' => '',
                'encryption' => 'md5-hex',
                'database' => 'horde',
                'table' => 'horde_users',
                'user_col' => 'user_uid',
                'pass_col' => 'user_pass',
                'show_encryption' => false
                // 'query_lookup' => '',
                // 'query_modify' => '',
            ),
        ),
        'smbpasswd' => array(
            'name' => 'Samba Server',
            'driver' => 'Smbpasswd',
            'params' => array(
                'program' => '/usr/bin/smbpasswd',
                'host' => 'localhost',
            ),
        ),
    )),
);