Date:      Thu, 22 Apr 1999 20:16:28 -0700 (PDT)
From:      Nicole Harrington <nicole@nmhtech.com>
To:        Mark Conway Wirt <mark@intrepid.net>
Cc:        freebsd-isp@FreeBSD.ORG, Anthony Capone <capone@cap1.net>, W.Reilly Cooley <wcooley@nakedape.navi.net>
Subject:   Re: Web Based Script for passwd
Message-ID:  <XFMail.990422201628.nicole@nmhtech.com>
In-Reply-To: <19990331080727.A26659@intrepid.net>



On 31-Mar-99 My Secret Spies Reported That Mark Conway Wirt  wrote:
> On Mon, Mar 29, 1999 at 10:12:41PM -0800, W. Reilly Cooley wrote:
>> I've considered a web-based interface for users to modify their
>> configurations (mail forwarding, etc), but giving users access using their
>> UNIX passwords through a web interface is a /big/ security hole.  See
>> http://www.apache.org/docs/misc/FAQ.html#passwdauth for an explanation.
>> This might be reasonable, if, for example, you only permit access from
>> within your net block.  But even then it's sketchy...
> 
> 

 Sorry for the late reply, I'm a little behind on my mail..

 Eudora has a cool feature that allows someone to change their passwd via
the email program. You run a daemon on your server that answers on a specific
port and acts as an interface to the password program. I found a perl script
that you can set up to replace the eudora mailer and allow passwd changes safely
via a web page by having the webpage/CGI script talk to the server on the port.
Of course via an SSL web page is the only really safe way, but there are now no
chroot problems.

 If anyone is interested I will try to dig out the program. I have been trying
to find the time to set it up for some time now.


    Nicole 



> Does it have to be Web based?  We have a mail based one -- the user
> sends a message to support with the subject of HOURS, and procmail
> kicks off a perl script that mails them the information back.  Seems to
> work well, and the nice thing about it is a user can only check their
> hours, and it needs no authentication.  It checks the hours of the
> account that sent the mail, and sends the results back to that
> address, so even if someone forges the "from" header, they won't see
> the result....
> 
> --Mark
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message

                          |\ __ /|   (`\            
                          | o_o  |__  ) )           
                         //      \\                 
          nicole@nmhtech.com | http://www.webweaver.net/
webmistress@dangermouse.org  | http://www.dangermouse.org
-------------------------(((---(((-----------------------
 
         -  Powered by Coka Cola and FreeBSD  -
     - Strong enough for a man - But made for a Woman -
 
        - I'm not ADD - I'm just Multithreaded   -
      - Microsoft: What bug would you like today?  -
----------------------------------------------------------
SYSADMIN(1)
Sysadmin is the keeper of all things computer, is generally harangued, must be 
supplied with caffeine, chocolate,  and  sushi in order  to  function 
properly, 
cannot be exposed to direct sunlight, and must not be allowed to have a life.
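
The design described in the message above (a CGI script relaying a password change to a daemon over a port), sketched from the CGI side as an added example that is not code from the original post or from the perl script it mentions. It assumes a poppassd-style line protocol (`user`/`pass`/`newpass`/`quit`, replies starting with `200` on success); `build_commands`, `change_password` and `FakeDaemon` are hypothetical names, and the account data used with them is constructed.

```python
import re

# Assumed poppassd-style protocol: user/pass/newpass/quit, "200" = success.
USER = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

def build_commands(user, old_pw, new_pw):
    """Validate the web form fields and return the protocol lines to send."""
    if not USER.fullmatch(user):
        raise ValueError("invalid username")
    for value in (old_pw, new_pw):
        # CR, LF or NUL in a field would let form input inject extra commands.
        if not value or any(c in value for c in "\r\n\0"):
            raise ValueError("invalid password field")
    return [f"user {user}", f"pass {old_pw}", f"newpass {new_pw}", "quit"]

def change_password(stream, user, old_pw, new_pw):
    """Run the exchange on a text stream (e.g. sock.makefile("rw", newline=""))."""
    commands = build_commands(user, old_pw, new_pw)
    if not stream.readline().startswith("200"):  # daemon greeting
        return False
    for line in commands:
        stream.write(line + "\r\n")
        stream.flush()
        if not stream.readline().startswith("200"):
            return False  # stop at the first refusal
    return True

class FakeDaemon:
    """Constructed in-memory stand-in for the daemon end of the connection."""
    def __init__(self, accounts):
        self.accounts, self.user, self.authed = accounts, None, False
        self.replies = ["200 ready\r\n"]
    def write(self, data):
        verb, _, arg = data.rstrip("\r\n").partition(" ")
        if verb == "user":
            self.user, ok = arg, True
        elif verb == "pass":
            ok = self.authed = self.accounts.get(self.user) == arg
        elif verb == "newpass":
            ok = self.authed
            if ok:
                self.accounts[self.user] = arg
        else:
            ok = verb == "quit"
        self.replies.append("200 ok\r\n" if ok else "500 denied\r\n")
    def flush(self):
        pass
    def readline(self):
        return self.replies.pop(0) if self.replies else ""
```

The validation in `build_commands` runs before anything is written to the daemon, so a form field containing a line break is rejected rather than forwarded as a second command.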








