Detaching program from controlling terminal
Ihsan Junaidi Ibrahim
ihsan at synthexp.net
Tue Jun 15 14:08:42 PDT 2004
Matthew Seaman wrote:
> Since you aren't allowing your users to log into your FreeBSD server
> the question arises as to why exactly they need passwords there? Two
> things leap to mind immediately: access to shared filesystems or
> access to an e-mail server.
>
It's an e-mail server. Previously I set it up to use MySQL
authentication which allows the virtual users to change the password via
a simple PHP-based script. The obvious drawback to this method is that
these users don't enjoy system-level utilities such as quota and mail
forwarding via procmail/maildrop. The former is actually implementable
(though we never got it done) but it complicates matters. We're trying
to keep everything manageable to within reasonable limits since this is
not the only box in here and the resources are tight.
Postfix-style virtual domain allows virtual users to have their own home
directories, thus enjoying system-level utilities hence the reason why I
went ahead with the plan of implementing it until the users realize that
the *complexities* behind changing the password. Being in their
situation before, I can understand their predicament.
As for the privacy issue, the administrators will have to know the users
password should they want to change them. The administrators are
off-site and the only way to do so currently is to phone in their password.
Since passwd and pw are ruled out, what can I do to allow the users to
manage their accounts properties? Is Usermin viable in this setting?
Can centralized authentication mechanism such as LDAP/RADIUS/TACACS be
recommended?
Thank you for your time,
Ihsan
More information about the freebsd-questions
mailing list