On Tue, Jul 31, 2001 at 04:50:57PM -0500, Jay Kline wrote: > I have been contemplating setting up a method to allow my email users to > change their password. I have set my system up so they all use the same > account (popuser) but pop authentication is done with the > /var/qmail/users/poppasswd file instead. I wrote a perl script to behaive > much the same way the standard passwd command does, and could easily write > other scripts that can manipulate this file. The problem is, how do I handle > allowing users to change passwords securely? I have thought of running a cgi > script via web, but something about doing a setuid root cgi script scares me > a little. Since none of the users have shell access, they cant use ssh or > telnet (not even enabled on the server) to connect to the system. A few > ideas I have been kicking around is using some sort of spooler, where > password change requests are put into a file, then into a directory- which > would be called by some program either via cron or a daemon and process the > requests. That way any cgi script would be able to submit a request. > Another thought I had was via email- user sends email to something like > chpasswd at slushpupie.com with their username, old password, and new password > and all incoming mail to that account is handled via some program/script. I use the vpopmail+qmailadmin packages, they have all what you have now. Virtual pop-accounts with only 1 system user, webbased interface for managing domains (from the user side), ability to create popboxes, forwards, aliases, mailinglists etc.. You might want to look into it: http://www.inter7.com/ It's all premade and well tested so you'll not run into a lot of bugs. just my .20 dkr! -- Thomas Eibner <http://thomas.eibner.dk/> DnsZone <http://dnszone.org/> mod_pointer <http://stderr.net/mod_pointer>