web-based password checking tool?
bsdfreak at gmail.com
Tue Dec 14 11:05:21 PST 2004
In that case, check out something like:
"Web Pass is a CGI script which allows users on a system to change
their passwords via the web. This is useful for users with no shell
access to the machine, but who still have 'real' accounts for things
such as web space, ftp Samba and the like."
I hope this helps!
On Tue, 14 Dec 2004 16:02:46 -0300 (ART), Fernando Gleiser
<fgleiser at cactus.fi.uba.ar> wrote:
> On Tue, 14 Dec 2004, Alexander Chamandy wrote:
> > The solution I've seen people use in the past is Webmin
> > (http://www.webmin.com/), but I haven't heard great things about its
> > security. I would use it cautiously if you are looking for that
> > functionality.
> Webmin is a different thing. it allows for web-based administration,
> it isn't useful as a tool for users to change their passwords.
> In order to use webmin for that, I'd have to add a webmin user for
> every mail user and restrict the module set. It is just not worth it.
> I'm looking for something like some ISPs do: a form where you enter
> your username, your old password and your new one (twice, for confirmation).
> I think I can hack a quick CGI script which does that, then checks the
> parameters, and if everything is OK, hashes the new passwd and calls
> something like
> "echo ecnryptedpass | sudo pw usermod user -H 1"
> or something like that. But I prefer to use already made and tested
> > The problem I'd note is that in order to attain
> > convenience in the traditional sense, one must generally sacrifice
> > layers of security. In this case, allowing a web interface to change
> > users' authentication credentials provides risks (compromise,
> > information leakage, etc.) and rewards (enhanced usability for novice
> > users, added convenience).
> Exactly. But I think in this case is justified. We're talking about
> people who are not technical. It's the only way.
Alexander G. Chamandy
Your Source For BSD News!
More information about the freebsd-questions