User Passwords?

Ken Schweigert yellowdog-general@lists.terrasoftsolutions.com
Tue Aug 27 11:09:01 2002


On Tue, Aug 27, 2002 at 12:56:12PM -0400, Christopher Murtagh wrote:
> On Tue, 27 Aug 2002, Mark Jaffe wrote:
> >I am hosting a number of sites for other folks and one user has required
> >a secure email password. He would like to set this himself and I wonder
> >how anyone else has managed such a situation. Does anyone know of mail
> >clients that will allow a user to change their password? I am thinking
> >of someone who does not use a shell account and only uses email and the
> >web.
> 
>  You could probably do this with a web page (either via CGI or PHP using
> system()/suexec/setuid), but just be *very* careful when you do this.
> Setuid scripts that modify user passwords should be reviewed with a fine
> tooth comb to be sure that root or other privileged user passwords can't
> be touched. This is one of the main reasons (paranoia) why I stay away
> from things like Webmin.

I agree with Chris.  Tread lightly near passwd.  One little slip can render
the machine useless.

Although I don't know any mail clients that'll let you change the password,
I am looking through the code for this web-based passwd util.  It says it
was written with security and flexibility in mind.  I'm going to beat it up
on a non-production box before I consider launching it.  If you're curious:

  http://www.unicom.com/sw/web-chpass/

HTH

-ken

> 
> Cheers,
> 
> Chris
> 
> -- 
> 
> Christopher Murtagh
> Webmaster / Sysadmin
> Web Communications Group
> McGill University
> Montreal, Quebec
> Canada
> 
> Tel.: (514) 398-3122
> Fax:  (514) 398-2017
> 

-- 
-Ken Schweigert, Padawan Network Administrator
Byte Productions, LLC
http://www.byte-productions.com
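
The check the thread asks reviewers to look for, that a web password changer can never touch root or other privileged accounts, as an added example that is not part of the original messages and not code from web-chpass. It assumes the caller has already verified the user's current password, that ordinary accounts start at UID 500 on the host, and that the record is handed to chpasswd on stdin rather than through a shell command line; the passwd data is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in /etc/passwd format (not taken from the thread).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
mjones:x:501:501:Mail-only user:/home/mjones:/sbin/nologin
admin2:x:0:0:second root:/root:/bin/bash
"""

MIN_UID = 500  # assumption: ordinary accounts start here on this host
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def parse_passwd(text):
    """Map username -> uid, skipping malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users


def chpasswd_record(username, new_password, passwd_text, min_uid=MIN_UID):
    """Return the 'user:password' line for chpasswd, or raise ValueError."""
    # Strict allow-list: no colons, whitespace or leading dash in the name.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("malformed username")
    users = parse_passwd(passwd_text)
    if username not in users:
        raise ValueError("unknown account")
    # Decide on the UID, not the name: 'admin2' above is also UID 0.
    if users[username] < min_uid:
        raise ValueError("privileged or system account")
    # chpasswd reads one record per line, so a line break inside the
    # password would start a second record for a different account.
    if not new_password or any(c in new_password for c in "\r\n\0"):
        raise ValueError("unacceptable password characters")
    return f"{username}:{new_password}"
```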