CVM: Credential Validation Module

CVM Protocol Description
CVM Client Library
CVM Module Library
CVM Error Values
CVM Design Rationale

The cvm-checkpassword Program
The cvm-testclient Program
The cvm-benchclient Program


CVM is a framework for validating a set of credentials against a database using a filter program. The modules act as a filter, taking a set of credentials as input and writing a set of facts as output if those credentials are valid. Optional input is given to the module through environment variables.

Some of the ideas for CVM came from experience with the checkpassword interface used by qmail-pop3d, and the "authmod" interface used by Courier IMAP and POP3. This framework places fewer restrictions on the invoking client than checkpassword does, and is much simpler to implement on both sides than the authmod framework.

Contact Modes

CVM modules may be contacted by one of three modes:

  1. Command execution: Use a module name of cvm-command:/path/to/command. The cvm-command: prefix is optional.
  2. UNIX (or local) domain socket: Use a module name of cvm-local:/path/to/socket.
  3. UDP: Use a module name of cvm-udp:hostname:port.