From owner-freebsd-isp  Sun Aug 17 19:38:18 1997
Return-Path: <owner-freebsd-isp>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id TAA14108
          for isp-outgoing; Sun, 17 Aug 1997 19:38:18 -0700 (PDT)
Received: from absinthe.i3inc.com (Absinthe.i3inc.com [208.218.26.194])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id TAA14090
          for <isp@freebsd.org>; Sun, 17 Aug 1997 19:38:13 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by absinthe.i3inc.com (8.7.2/8.7.2) with SMTP id VAA28208; Sun, 17 Aug 1997 21:49:00 -0400 (EDT)
Message-Id: <199708180149.VAA28208@absinthe.i3inc.com>
X-Authentication-Warning: absinthe.i3inc.com: Host localhost [127.0.0.1] didn't use HELO protocol
To: ulf@alameda.net
Cc: danny@panda.hilink.com.au, isp@freebsd.org
Subject: Re: Changing password via web ?
In-Reply-To: Your message of "Mon, 18 Aug 1997 10:27:48 +1000 (EST)"
References: <Pine.BSF.3.91.970818101834.308U-100000@panda.hilink.com.au>
X-Mailer: Mew version 1.03 on Emacs 19.34.1
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Date: Sun, 17 Aug 1997 21:48:59 -0400
From: Chris Shenton <chris@absinthe.i3inc.com>
Sender: owner-freebsd-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 18 Aug 1997 10:27:48 +1000 (EST)
"Daniel O'Callaghan" <danny@panda.hilink.com.au> wrote:

danny> I've done this.  The problem is that you need a process running as root.
danny> There are two ways to do this - 
danny> 1. run the httpd as root, which is a bad idea;
danny> 2. have a setuid program which does the change - this is what I did.

Good point. I should have mentioned in my previous message about my
SSL password form is that I use RADIUS, and I use it with its own auth
file (DBM) rather than /etc/passwd. That way I avoid needing a suid
program. 

But if you wanna change real system passwords, rather than RADIUS,
then there's no way around this. Sorry for the confusion.