printf "%s\0%s\0%s\0" user password Y123456 | /usr/bin/checkpassword id 3<&0
But it only gives the right result when you are root. Why ?
only has access to the shadow password database if it is run as root. Some programs that require access to the database are run as sgid shadow, but even this would be a bad idea for checkpassword, because it can be used to run dictionary attacks against the password list.
I am not an expert but it seems to work if `id -u mails` is replaced with
`id -u root`
Ok, but from a security aspect is that the right solution?
Doesn't sound like good security; at the very least, you are running a lot of code as root that doesn't need to be.
There are a number of alternatives to checkpassword
I cannot advise the best solution; for a commercial system, you should probably operate a separate password database
for remote smtp users, rather than give qmail access to the system passwords.