User Passwords?
Ken Schweigert
yellowdog-general@lists.terrasoftsolutions.com
Tue Aug 27 11:09:01 2002
On Tue, Aug 27, 2002 at 12:56:12PM -0400, Christopher Murtagh wrote:
> On Tue, 27 Aug 2002, Mark Jaffe wrote:
> >I am hosting a number of sites for other folks and one user has required
> >a secure email password. He would like to set this himself and I wonder
> >how anyone else has managed such a situation. Does anyone know of mail
> >clients that will allow a user to change their password? I am thinking
> >of someone who does not use a shell account and only uses email and the
> >web.
>
> You could probably do this with a web page (either via CGI or PHP using
> system()/suexec/setuid), but just be *very* careful when you do this.
> Setuid scripts that modify user passwords should be reviewed with a fine
> tooth comb to be sure that root or other privileged user passwords can't
> be touched. This is one of the main reasons (paranoia) why I stay away
> from things like Webmin.
I agree with Chris. Tread lightly near passwd. One little slip can render
the machine useless.
Although I don't know any mail clients that'll let you change the password,
I am looking through the code for this web-based passwd util. It says it
was written with security and flexibility in mind. I'm going to beat it up
on a non-production box before I consider launching it. If you're curious:
http://www.unicom.com/sw/web-chpass/
HTH
-ken
>
> Cheers,
>
> Chris
>
> --
>
> Christopher Murtagh
> Webmaster / Sysadmin
> Web Communications Group
> McGill University
> Montreal, Quebec
> Canada
>
> Tel.: (514) 398-3122
> Fax: (514) 398-2017
>
>
> _______________________________________________
> yellowdog-general mailing list
> yellowdog-general@lists.terrasoftsolutions.com
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
>
--
-Ken Schweigert, Padawan Network Administrator
Byte Productions, LLC
http://www.byte-productions.com