From owner-freebsd-questions@FreeBSD.ORG Tue Dec 14 19:01:05 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 26FFA16A4CE for ; Tue, 14 Dec 2004 19:01:05 +0000 (GMT) Received: from admin.cablespeed.com (mail.admin.cablespeed.com [216.15.205.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9F07C43D3F for ; Tue, 14 Dec 2004 19:01:04 +0000 (GMT) (envelope-from data2@cablespeed.com) Received: from [24.56.220.5] (account data2@cablespeed.com HELO mdm2205) by admin.cablespeed.com (CommuniGate Pro SMTP 4.1.8) with ESMTP id 85020838 for freebsd-questions@freebsd.org; Tue, 14 Dec 2004 13:01:03 -0600 Message-ID: <12b501c4e20f$4bb95340$05dc3818@mdm2205> From: "Jon Krause" To: References: Date: Tue, 14 Dec 2004 14:01:17 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1437 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Subject: Re: web-based password checking tool? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2004 19:01:05 -0000 Usermin (found from the same link) is probably a better tool, less security concerns. Also, both can be run with ssl and non-standard ports. Best, Jon ----- Original Message ----- From: "Alexander Chamandy" Subject: Re: web-based password checking tool? : The solution I've seen people use in the past is Webmin : (http://www.webmin.com/), but I haven't heard great things about its : security. I would use it cautiously if you are looking for that : functionality. The problem I'd note is that in order to attain : convenience in the traditional sense, one must generally sacrifice : layers of security. In this case, allowing a web interface to change : users' authentication credentials provides risks (compromise, : information leakage, etc.) and rewards (enhanced usability for novice : users, added convenience). : - Hide quoted text - : : : On Tue, 14 Dec 2004 15:41:07 -0300 (ART), Fernando Gleiser : wrote: : > I have a FreeBSD box with more then 400 accounts. the users are : > non-technical, administrative kind of persons. : > : > The box is working as a mail server, with sendmail as MTA and cyrus IMAPd, : > authenticating against the system files (/etc/master.passwd) not using : > SASL. : > : > I need a web based tool to let the users change their passwords, since : > they don't have shell access, a web-based solution seems like the : > only way to let them do it without bothering the admins. : : : -- : Best wishes, : : Alexander G. Chamandy : Webmaster : www.bsdfreak.org : Your Source For BSD News! : _______________________________________________ : freebsd-questions@freebsd.org mailing list : http://lists.freebsd.org/mailman/listinfo/freebsd-questions : To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"