Hello, changing the system password requires root privileges, because it needs to modify the /etc/shadow file. Thus either I would put the password change requests into a mysql table or text file and run a cronjob as root which checks e.g. every 15 minutes if there are new pw change requests. If there are new ones, an expect (tool to control interactive programs) script gets executed by root which changes the system password depending on the request. However this method could be insecure depending on the setup of your scripts.
Another approach would be letting the users change their system passwords by setting their shell to /usr/bin/passwd, so they only get the change password prompt when they login to the server with their account. This would also send the new password over a secured connection (implies using ssh to login). I don't know if there are any big security risks by setting the shell to passwd. Correct me if I am wrong :) best regards, Stefan Dengscherz On Sat, Feb 12, 2005 at 04:24:57PM +0000, Bruno Santos wrote: > Hello all. > > I've a linux server that runs a mailserver for several users. I want to > build a page where users can change their email password, that's their > accounts password. > > how can i with PHP manage to compare the password they type in a web > form with the one they have in the system ?? (/etc/passwd) ?? > > can it be with LDAP ? or PAM ? or any other method ? > > cheers ! > > Bruno Santos > > -- > Say no to software patents > www.nosoftwarepatents.com/ > -- > [EMAIL PROTECTED] > -- > Divisao de Informatica > [EMAIL PROTECTED] > Tel: +351 272 000 155 > Fax: +351 272 000 257 > -- > Hospital Amato Lusitano > [EMAIL PROTECTED] > Tel: +351 272 000 272 > Fax: +351 272 000 257 > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
