Ben Morrow wrote:

Maybe replace "/usr/bin/passwd" with htpasswd?

Try pam_pwdfile with poppwd or some other poppassd that supports PAM.

That's it!  I was trying to remember the name of this PAM module.

and is there another way other than poppassd?

Write your own PHP script -- it couldn't be more than a few dozen lines
of code for a working skeleton.  Or Google "php change password htpasswd".

It's not as simple as you seem to think. Quite apart from getting the
password-changing itself right (have you considered what happens when
two users change their passwords at the same time? when Dovecot tries to
read the password file at the same time as you are changing it? when the
system crashes when you are halfway through rewriting the password
file?), you really shouldn't be running PHP as a user with write access
to a password file (even a virtual password file) in any case.

I did consider it, and you're right, it is tricky to get it absolutely
right.  If robusteness and security was of utmost importance, I would
abandon PHP too.  I was scaling the solution to the OP's technical
ability and apparent size of their operation -- if poppwd passes muster,
this wouldn't be too far off.

Joseph Tam <jtam.h...@gmail.com>

Reply via email to