From owner-freebsd-questions@FreeBSD.ORG Tue Dec 14 19:05:21 2004
Date: Tue, 14 Dec 2004 14:04:44 -0500
From: Alexander Chamandy
To: Fernando Gleiser, freebsd-questions@freebsd.org
Subject: Re: web-based password checking tool?
In-Reply-To: <20041214154909.W24270@cactus.fi.uba.ar>
References: <20041214153502.D24270@cactus.fi.uba.ar> <20041214154909.W24270@cactus.fi.uba.ar>

In that case, check out something like:

http://rucus.ru.ac.za/~bvi/utils/webpass/

"Web Pass is a CGI script which allows users on a system to change
their passwords via the web.
This is useful for users with no shell access to the machine, but who
still have 'real' accounts for things such as web space, ftp Samba and
the like."

I hope this helps!

On Tue, 14 Dec 2004 16:02:46 -0300 (ART), Fernando Gleiser wrote:
> On Tue, 14 Dec 2004, Alexander Chamandy wrote:
>
> > The solution I've seen people use in the past is Webmin
> > (http://www.webmin.com/), but I haven't heard great things about its
> > security. I would use it cautiously if you are looking for that
> > functionality.
>
> Webmin is a different thing. It allows for web-based administration,
> it isn't useful as a tool for users to change their passwords.
> In order to use webmin for that, I'd have to add a webmin user for
> every mail user and restrict the module set. It is just not worth it.
>
> I'm looking for something like some ISPs do: a form where you enter
> your username, your old password and your new one (twice, for confirmation).
>
> I think I can hack a quick CGI script which does that, then checks the
> parameters, and if everything is OK, hashes the new passwd and calls
> something like
> "echo encryptedpass | sudo pw usermod user -H 1"
>
> or something like that. But I prefer to use already made and tested
> solutions.
>
>
> > The problem I'd note is that in order to attain
> > convenience in the traditional sense, one must generally sacrifice
> > layers of security. In this case, allowing a web interface to change
> > users' authentication credentials provides risks (compromise,
> > information leakage, etc.) and rewards (enhanced usability for novice
> > users, added convenience).
>
> Exactly. But I think in this case it is justified. We're talking about
> people who are not technical. It's the only way.
>
> Fer
>

-- 
Best wishes,
Alexander G. Chamandy
Webmaster
www.bsdfreak.org
Your Source For BSD News!
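
The "check the parameters, then call pw via sudo" step discussed in the quoted message, as an added example that is not part of the original thread and not code from Web Pass or Webmin. Assumptions: it uses pw(8)'s `-h 0` (plaintext password read from stdin, hashed by pw) instead of the pre-hashed `-H` variant mentioned above, the policy values and function names are hypothetical, and the old password has already been verified for the user before `change_password` is called.

```python
import re
import subprocess

# Assumed policy values, not taken from the thread.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,15}")
PROTECTED = {"root", "toor", "daemon", "operator", "bin", "www", "nobody"}
MIN_LENGTH = 10


def check_parameters(username, old_pw, new_pw, confirm_pw):
    """Return a list of problems with the submitted form; empty means OK."""
    errors = []
    # Allow-list: rejects shell metacharacters and names starting with '-'.
    if not USERNAME_RE.fullmatch(username or ""):
        errors.append("invalid username")
    elif username in PROTECTED:
        errors.append("account not allowed")
    if not old_pw:
        errors.append("old password missing")
    if new_pw != confirm_pw:
        errors.append("new passwords differ")
    if len(new_pw or "") < MIN_LENGTH:
        errors.append("new password too short")
    # pw reads one line from the descriptor, so a newline would truncate it.
    if any(c in (new_pw or "") for c in "\r\n\0"):
        errors.append("new password has control characters")
    if new_pw and new_pw == old_pw:
        errors.append("new password equals old password")
    return errors


def build_command(username):
    """argv for pw(8); '-h 0' makes pw read the new password from stdin."""
    return ["sudo", "-n", "/usr/sbin/pw", "usermod", username, "-h", "0"]


def change_password(username, old_pw, new_pw, confirm_pw, run=subprocess.run):
    """Validate, then call pw without a shell. `run` is injectable for tests.

    Assumption: the caller has already verified old_pw for this user.
    """
    errors = check_parameters(username, old_pw, new_pw, confirm_pw)
    if errors:
        return errors
    # List argv plus stdin: no shell parsing, password absent from ps output.
    result = run(build_command(username), input=new_pw + "\n",
                 text=True, capture_output=True, timeout=10)
    return [] if result.returncode == 0 else ["pw failed"]
```

The matching sudoers rule should permit the web server's user to run only `/usr/sbin/pw usermod`, so that a bug in the CGI cannot reach other commands.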