web-based password checking tool?
Alexander Chamandy
bsdfreak at gmail.com
Tue Dec 14 10:51:34 PST 2004
The solution I've seen people use in the past is Webmin
(http://www.webmin.com/), but I haven't heard great things about its
security. I would use it cautiously if you are looking for that
functionality. The problem I'd note is that in order to attain
convenience in the traditional sense, one must generally sacrifice
layers of security. In this case, allowing a web interface to change
users' authentication credentials provides risks (compromise,
information leakage, etc.) and rewards (enhanced usability for novice
users, added convenience).
- Hide quoted text -
On Tue, 14 Dec 2004 15:41:07 -0300 (ART), Fernando Gleiser
<fgleiser at cactus.fi.uba.ar> wrote:
> I have a FreeBSD box with more then 400 accounts. the users are
> non-technical, administrative kind of persons.
>
> The box is working as a mail server, with sendmail as MTA and cyrus IMAPd,
> authenticating against the system files (/etc/master.passwd) not using
> SASL.
>
> I need a web based tool to let the users change their passwords, since
> they don't have shell access, a web-based solution seems like the
> only way to let them do it without bothering the admins.
--
Best wishes,
Alexander G. Chamandy
Webmaster
www.bsdfreak.org
Your Source For BSD News!
More information about the freebsd-questions
mailing list