[TCLUG] Qmail password change

Tue Jul 31 19:39:18 CDT 2001

I have looked at those packages, but ultimately I would like the flexability 
(and learning experience) of writing my own scripts.  Who knows, I may even 
release them as a package... I have most of the system automated with just a 
few scripts.  

Just wondering what peoples thoughts on the different methods of this are

Jay

On Tuesday 31 July 2001  5:58 pm, you wrote:
> On Tue, Jul 31, 2001 at 04:50:57PM -0500, Jay Kline wrote:
> > I have been contemplating setting up a method to allow my email users to
> > change their password.  I have set my system up so they all use the same
> > account (popuser) but pop authentication is done with the
> > /var/qmail/users/poppasswd file instead.  I wrote a perl script to
> > behaive much the same way the standard passwd command does, and could
> > easily write other scripts that can manipulate this file.  The problem
> > is, how do I handle allowing users to change passwords securely?  I have
> > thought of running a cgi script via web, but something about doing a
> > setuid root cgi script scares me a little.  Since none of the users have
> > shell access, they cant use ssh or telnet (not even enabled on the
> > server) to connect to the system.  A few ideas I have been kicking around
> > is using some sort of spooler, where password change requests are put
> > into a file, then into a directory- which would be called by some program
> > either via cron or a daemon and process the requests.  That way any cgi
> > script would be able to submit a request. Another thought I had was via
> > email- user sends email to something like chpasswd at slushpupie.com with
> > their username, old password, and new password and all incoming mail to
> > that account is handled via some program/script.
>
> I use the vpopmail+qmailadmin packages, they have all what you have now.
> Virtual pop-accounts with only 1 system user, webbased interface for
> managing domains (from the user side), ability to create popboxes,
> forwards, aliases, mailinglists etc..
>
> You might want to look into it: http://www.inter7.com/
>
> It's all premade and well tested so you'll not run into a lot of bugs.
>
> just my .20 dkr!

-- 
Jay Kline
list at slushpupie.com
http://www.slushpupie.com

Boys, you have ALL been selected to LEAVE th' PLANET in 15 minutes!!