Re: Changing Passwords through the web
From: Eric Anderson (anderson@centtech.com)
Date: 02/28/02
- Next message: Oliver Rompcik: "Multiple Vulnerabilities in PHP fileupload"
- Previous message: Tobias Roth: "Re: PHP 4.1.1 security bug"
- In reply to: Buliwyf McGraw: "Changing Passwords through the web"
- Next in thread: Mahlon: "Re: Changing Passwords through the web"
Date: Thu, 28 Feb 2002 06:44:36 -0600
From: Eric Anderson <anderson@centtech.com>
To: Buliwyf McGraw <buliwyf@libertad.univalle.edu.co>
The way I have done this type of thing in the past is I have a web/cgi script
that takes the user's old password, checks it against the password file, takes
the new password, checks it against a "bad password" list, then I store it, and
have a cron job run a separate script (as root) to do the password changing. I
feel it protects you against suid web stuff (which I am totally against). If you
can write programs well and know how to look for holes of that sort, you should
be fine.
Eric
Buliwyf McGraw wrote:
>
> Hello friends...
> I was using webmin to create users by the web... but I need
> to make an interface so users can change their passwords by the
> web too.
> I cannot use webmin, because the webmin user needs a password...
> I need an open interface, so that everyone who wants to change his own
> password can do it...
> I was thinking of the suexec apache service... but on the web site
> I found that suexec doesn't support root scripts anymore...
> so, I get lost...
>
> Any question or suggestion is welcome.
> Thank you
>
> =======================================================================
> Buliwyf McGraw
> Administrador del Servidor Libertad
> Centro de Servicios de Informacion
> Universidad del Valle
> =======================================================================
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
--
------------------------------------------------------------------
Eric Anderson    Systems Administrator    Centaur Technology
If at first you don't succeed, sky diving is probably not for you.
------------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
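The split described in the reply above (unprivileged CGI writes a request, a root cron job applies it) makes the spool a trust boundary. This added example, which is not part of the original message, sketches the checks the root-side script can make before acting. The JSON spool format, the `user`/`hash` field names, the SHA-512 crypt hash produced by the CGI, and the `MIN_UID` and `MAX_BYTES` values are all assumptions.

```python
import json, os, re, stat

USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
HASH_RE = re.compile(r"\$6\$[A-Za-z0-9./]{1,16}\$[A-Za-z0-9./]{86}")  # SHA-512 crypt
MIN_UID = 1000      # assumption: ordinary accounts start here
MAX_BYTES = 4096    # assumption: upper bound for one request file

class Rejected(Exception):
    """The spooled request must not be acted on."""

def load_request(path, web_uid):
    """Read one spool file as untrusted input written by the CGI user."""
    try:
        # O_NOFOLLOW: refuse symlinks; O_NONBLOCK: never hang on a FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        raise Rejected(f"cannot open safely: {exc.strerror}")
    with os.fdopen(fd, "rb") as f:
        st = os.fstat(f.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise Rejected("not a regular file")
        if st.st_uid != web_uid:
            raise Rejected("not written by the CGI user")
        if st.st_size > MAX_BYTES:
            raise Rejected("oversized request")
        try:
            req = json.loads(f.read(MAX_BYTES))
        except (ValueError, RecursionError):
            raise Rejected("malformed request")
    if not isinstance(req, dict):
        raise Rejected("malformed request")
    return req

def validate(req, uid_of):
    """Return (argv, stdin) for the password change, or raise Rejected.

    uid_of maps a login name to its uid or None, e.g. a wrapper around
    pwd.getpwnam; it is injected so the check can be tested without root.
    """
    user, pw_hash = req.get("user"), req.get("hash")
    if not isinstance(user, str) or not USER_RE.fullmatch(user):
        raise Rejected("bad username")
    if not isinstance(pw_hash, str) or not HASH_RE.fullmatch(pw_hash):
        raise Rejected("bad hash format")
    uid = uid_of(user)
    if uid is None or uid < MIN_UID:
        raise Rejected("unknown or system account")
    # FreeBSD pw(8): -H 0 reads the already-encrypted password from stdin,
    # so it never appears in the process list.
    return ["pw", "usermod", "-n", user, "-H", "0"], pw_hash + "\n"
```

The cron job would pass the returned pair to `subprocess.run(argv, input=stdin, text=True, check=True)` and delete the spool file whether the request was applied or rejected.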