adduser.pl - Generic CGI account creation tool
==============================================

$Id: README,v 0.1 2003/12/15 21:27:50 acorliss Exp acorliss $

  The adduser.pl is a CGI script intended to safely allow automatic account
creation for anonymous users with web access to your server.  While I have
attempted to take every possible precaution, it should be noted that this is
inherently a very dangerous thing to do.  In other words, this script should
not be deployed lightly, but if you do, you use it at your own risk.

Assumptions of this system:
---------------------------

  The following assumptions are made during the design of this script:

    1) New accounts are system accounts (but without shell access)
    2) Each account will need an entry in /etc/mail/virtusertable
    3) System authentication system will support crypt()'ed passwords
    4) System will use (optionally) a BSD-ish disk quota system

Note:  Most modern systems that use local files for authentication (shadow'ed
or not) support both MD5 and crypt()'ed passwords.  On MD5-enabled systems
crypt()'ed passwords should not be a problem.  While the account will be
initialised with a crypt()'ed password the first time the user changes his/her
password it will be encoded in MD5 format.  They will be able to log in with
either.

Security Precautions:
---------------------

  The following security precautions are taken when creating accounts (in the
following order):

    1) Execution must be by a specific UID (i.e., httpd daemon's UID)
    2) Configuration file must be in place with the minimum parameters defined
    3) Request must come from the correct HTTP_REFERER
    4) ALLOW in the conf file must be set to 1
    5) Requested password strings must match
    6) Login/passwords must be alphanumeric/_/-/. and 6-10 characters
    7) Comments must be the same, but 1-20 characters, and also allows
       spaces and commas
    8) The requested login must not exist as a system account (tested in
       a case-insensitive fashion to prevent case-spoofing (i.e, Root vice
       root) in e-mails
    9) All external commands are called explicitly with the full path to
       the binary
    10) User is created with their shell set to /bin/false to prevent 
        actual shell access from being given


