RE: Password changed via the web <- big issue !!!!
Wow... You are all complicating this whole thing too much... Put qmail's settings into a SQL database (MySQL for example) and you have access from any cgi program of php/asp/ssl/... page on your web server. Because the password you are using to access your mail is no longer a password that can log into the system, the security risk drops significantly. If you are woried about sniffers stealing your password... Use SSL, if not, hey, dont... Worst case scenario... They can read your mail... So? They can do that anyhow, if they can sniff my network traffic, so no harm done here... Goran > > That would require SSL. I want the same thing. > > You would have to build a cgi, going thru ssl, calling passwd. > It would be fairly trivial to roll your own app to do it and run it > thru tcpserver and stunnel. How you actually do it depends on the
Re: Password changed via the web <- big issue !!!!
On Wed, 19 Jul 2000, John van V. wrote: > > That would require SSL. I want the same thing. > > You would have to build a cgi, going thru ssl, calling passwd. > > The only way I can think of doing that is w/ expect. > > Keep in mind... the script would have to be SUID. > > This is a very big issue. So much so that I could easily see abandoning Unix > style authentication for something available thru the various security > toolkits. > > Radical, I know, but I am just that kind of person :) > > > > > I would like to know how to change user's password via the web, as > > I know, (qmail) mail userl's password is corresponding to Redhat linux > > user's password. Please give me any idea of how to let my user change > > password via the web. And the web server and qmail server is located at > > different machine. > > > > Thank You so much for your help It would be fairly trivial to roll your own app to do it and run it thru tcpserver and stunnel. How you actually do it depends on the OS. In FreeBSD you can use pw, and if you want to be really slick about it you can even use it to disable an account. Vince. -- == Vince Vielhaber -- KA8CSHemail: [EMAIL PROTECTED]http://www.pop4.net 128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking Online Campground Directoryhttp://www.camping-usa.com Online Giftshop Superstorehttp://www.cloudninegifts.com ==
Re: Password changed via the web <- big issue !!!!
That would require SSL. I want the same thing. You would have to build a cgi, going thru ssl, calling passwd. The only way I can think of doing that is w/ expect. Keep in mind... the script would have to be SUID. This is a very big issue. So much so that I could easily see abandoning Unix style authentication for something available thru the various security toolkits. Radical, I know, but I am just that kind of person :) --- Mark Lo <[EMAIL PROTECTED]> wrote: > Hi, > > I would like to know how to change user's password via the web, as > I know, (qmail) mail userl's password is corresponding to Redhat linux > user's password. Please give me any idea of how to let my user change > password via the web. And the web server and qmail server is located at > different machine. > > Thank You so much for your help > > Mark Lo > > > > = John van Vlaanderen # #CXN, Inc. Contact: [EMAIL PROTECTED] # # # Proud Sponsor of Perl/Unix of NY # #http://puny.vm.com # # __ Do You Yahoo!? Get Yahoo! Mail Free email you can access from anywhere! http://mail.yahoo.com/