Andrew Richards


On this page: • Introduction   • Status/Warranty   • Download   • Installation   • To do   • Troubleshooting   • Archives


Introduction

This is a drop-in replacement for the checkpassword program typically used in qmail systems to authenticate from the system's /etc/passwd database. Instead of consulting this database, external Radius server(s) are consulted.

This program is based on the checkpassword system devised by Dan Bernstein, commonly used in qmail installations - see http://cr.yp.to/checkpwd.html for further details. It is written in C - but note that there is also a version written in Perl by a different author; part of the reason for writing this version in C is that I never got the Perl version working...

For multi-domain installations, you may like to know that this implementation is able to handle the "@" symbol in a username (for the scenario where you wish to have unique users fred@domain1 and fred@domain2) - the question then becomes whether the Radius server you're authenticating with can also handle "@" symbols. To the best of my knowledge, standard 1.16 Livingston and Ascend implementations cannot; Cistron 1.6.5 and Radiator can. UPDATE: Radius implementations have moved on since I wrote this paragraph and I haven't played with radcheckpassword lately. Therefore I'd be very interested to hear what current Radius implementations (including their version numbers) can handle "@" symbols in the name, and also whether you're successfully using radcheckpassword with them.

Radius uses standard MD5 encryption, and therefore so does this program; it also uses some Radius client code that crops up in FreeBSD, written by Juniper Networks. It presupposes a single-UID setup: since Radius is an external authentication system, the users are assumed not to relate to system users. This means that some means of working out where a user's [mail] directory is located will be needed. One possibility is the hashed-directory code I've written; for others, check out the qmail home page.
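What the MD5 step amounts to on the wire, as an added example that is not taken from radcheckpassword's source: the User-Password hiding from RFC 2865 section 5.2, plus an Access-Request that carries a user name containing "@" unchanged. The function names, the shared secret, the authenticator and the credentials are constructed for illustration.

```python
import hashlib
import os
import struct

ACCESS_REQUEST = 1                 # RADIUS packet code (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2    # RADIUS attribute types (RFC 2865)

def xor_chain(data, secret, authenticator, decrypt=False):
    """XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        xored = bytes(a ^ b for a, b in zip(block, pad))
        out += xored
        prev = block if decrypt else xored   # always chain on the ciphertext
    return out

def hide_password(password, secret, authenticator):
    """Pad with NULs to a multiple of 16 bytes, then apply the MD5 XOR chain."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\0" * (-len(password) % 16)
    return xor_chain(padded, secret, authenticator)

def unhide_password(hidden, secret, authenticator):
    """What the server does, using the same shared secret."""
    return xor_chain(hidden, secret, authenticator, decrypt=True).rstrip(b"\0")

def attribute(attr_type, value):
    """Encode one type/length/value attribute; length counts the 2-byte header."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def access_request(identifier, username, password, secret, authenticator=None):
    """Build an Access-Request; the user name is sent as-is, '@' included."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attribute(USER_NAME, username) +
             attribute(USER_PASSWORD, hide_password(password, secret, authenticator)))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    secret, auth = b"constructed-shared-secret", bytes(range(16))
    packet = access_request(7, b"fred@domain1", b"s3cret", secret, auth)
    print(packet.hex())
    print(unhide_password(packet[-16:], secret, auth))
```

The password is only as well protected as the shared secret, and the user name travels in the clear.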

Status / Warranty

No warranty, express or implied, is given - USE THIS SOFTWARE ENTIRELY AT YOUR OWN RISK. You will need to satisfy yourself as to the suitability of this software before deploying it in a production environment.


Download

The current release is version 0.1 - download it here as a gzipped tar or compressed tar archive (I'll put up other formats on request).


Installation

Installation details for the program are included in the distribution - see the README file. If you're wondering what platforms the program runs on, here's the list (if you get this program working on other systems, please let me know - reach me at radcpw-compat@acrconsulting.co.uk so that I can update this page - also let me know if any modifications were necessary).

Patch for Worldgroup Radius: If you're using the Worldgroup Radius server, you'll need this patch (thank you Humberto Diogenes).

To do

(Nothing in this section at present)


Troubleshooting

If you have problems with this software, you may like to go through the following checklist,


Archives

Currently there are no earlier versions of this program.

This page last updated: AR, 6th February 2008.
