From owner-freebsd-isp Mon Jan 31 11:35:50 2000 Delivered-To: freebsd-isp@freebsd.org Received: from cliff.i-plus.net (cliff.i-plus.net [209.100.20.42]) by hub.freebsd.org (Postfix) with ESMTP id EEBEA14FED for ; Mon, 31 Jan 2000 11:35:15 -0800 (PST) (envelope-from troy@picus.com) Received: from ARCADIA (arcadia.i-plus.net [209.100.20.198]) by cliff.i-plus.net (8.9.3/8.9.3) with SMTP id OAA20992 for ; Mon, 31 Jan 2000 14:35:01 -0500 (EST) From: "Troy Settle" To: Subject: RE: web access with unix password Date: Mon, 31 Jan 2000 14:36:06 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.5600 In-Reply-To: <20000201054233.A47517@comcen.com.au> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Couple solutions... For changing passwords, check the archives for URLs I posted to a couple scripts to do just that (one in perl, the other in PHP) For verifying users before giving them their stats 'n stuff, I have a scriptlet that validates the username/password from the pop server. In the past, I had a seperate script that validated against a radius server. Hope this helps, Troy ** -----Original Message----- ** From: owner-freebsd-isp@FreeBSD.ORG ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of aunty ** Sent: Monday, January 31, 2000 1:43 PM ** To: freebsd-isp@freebsd.org ** Subject: web access with unix password ** ** ** I need to set up a new web site for users to do things ** like checking ** their usage stats and changing their password. ** ** There are server security problems with using the real ** password file or ** a derived .htaccess, but it's a while since I've been down ** this track. ** I'd like to present all the options with pros and cons ** before making ** the "right" decisions. ** ** Can anyone suggest where I might find the best up to date ** summary of the ** security issues and alternative approaches? ** ** -- ** ** Regards, ** -*Sue*- ** ** ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org ** with "unsubscribe freebsd-isp" in the body of the message ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message