User Passwords?

[Christopher Murtagh]

On Tue, 27 Aug 2002, Mark Jaffe wrote:
>I am hosting a number of sites for other folks and one user has required
>a secure email password. He would like to set this himself and I wonder
>how anyone else has managed such a situation. Does anyone know of mail
>clients that will allow a user to change their password? I am thinking
>of someone who does not use a shell account and only uses email and the
>web.

 You could probably do this with a web page (either via CGI or PHP using
system()/suexec/setuid), but just be *very* careful when you do this.
Setuid scripts that modify user passwords should be reviewed with a fine
tooth comb to be sure that root or other privileged user passwords can't
be touched. This is one of the main reasons (paranoia) why I stay away
from things like Webmin.

Cheers,

Chris

-- 

Christopher Murtagh
Webmaster / Sysadmin
Web Communications Group
McGill University
Montreal, Quebec
Canada

Tel.: (514) 398-3122
Fax:  (514) 398-2017