Message-ID: <40CF6510.7080805@synthexp.net>
Date: Wed, 16 Jun 2004 05:07:28 +0800
From: Ihsan Junaidi Ibrahim
To: FreeBSD-questions@FreeBSD.org
In-Reply-To: <20040615085551.GB92278@happy-idiot-talk.infracaninophile.co.uk>
Subject: Re: Detaching program from controlling terminal

Matthew Seaman wrote:

> Since you aren't allowing your users to log into your FreeBSD server
> the question arises as to why exactly they need passwords there? Two
> things leap to mind immediately: access to shared filesystems or
> access to an e-mail server.
>

It's an e-mail server. Previously I set it up to use MySQL authentication which allows the virtual users to change the password via a simple PHP-based script.
The obvious drawback to this method is that these users don't enjoy system-level utilities such as quota and mail forwarding via procmail/maildrop. The former is actually implementable (though we never got it done) but it complicates matters. We're trying to keep everything manageable to within reasonable limits since this is not the only box in here and the resources are tight.

Postfix-style virtual domains allow virtual users to have their own home directories, thus enjoying system-level utilities, hence the reason why I went ahead with the plan of implementing it until the users realized the *complexities* behind changing the password. Being in their situation before, I can understand their predicament.

As for the privacy issue, the administrators will have to know the users' passwords should they want to change them. The administrators are off-site and the only way to do so currently is to phone in their password.

Since passwd and pw are ruled out, what can I do to allow the users to manage their account properties? Is Usermin viable in this setting? Can a centralized authentication mechanism such as LDAP/RADIUS/TACACS be recommended?

Thank you for your time,
Ihsan