On Sep 8, 2004, at 9:01 PM, Alexandre Vieira wrote:
Thanks for your input, but I wasn't explicit enough. We use non-browsing services; it's just simple SMTP/POP3 with no panels. However, these users have shell access to the server, and I was thinking that maybe there was a way to modify passwords with the bin/vchangepw, but when I use it as a regular user it gives me the following error (and yes, the user exists):

Read the notes in the source to the program to learn how to set it up correctly:


 * Usage Note:
 * The binary "vchangepw" is added. I set up another
 * user account with this binary as shell and uid/gid
 * identical to vpopmail. Now users can ssh to the box
 * as this user and change the password remote without
 * asking me. It's as secure as everything else when the
 * login is only allowed with ssh, so everything is
 * crypted.
 *
 * If you don't create an account as above, you will need to change
 * permissions and ownership on vchangepw to suid vpopmail.

It should be safe to use -- setuid doesn't work when run under strace, so there's no chance that a user could trace the process to learn a user's password (or, worse yet, the MySQL user/pass).

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/
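
Added example, not part of the original message or of vpopmail: a POSIX shell check that a setuid helper installed as the usage note describes is owned by the intended account, carries the setuid bit, and cannot be overwritten by group or other. The function name `check_suid_helper` and the path in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: audit a setuid helper such as vchangepw after installing it.
# check_suid_helper is a hypothetical name; pass the binary's path and the
# account it should run as (the usage note's setup uses the vpopmail user).
check_suid_helper() {
    file=$1
    owner=$2

    # Must be a regular file, not a symlink that could be repointed.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file" >&2
        return 1
    fi
    # The owner decides whose privileges a setuid process runs with.
    if [ -z "$(find "$file" -prune -user "$owner" -print)" ]; then
        echo "FAIL: $file is not owned by $owner" >&2
        return 2
    fi
    # Without the setuid bit the helper runs as the calling user.
    if [ -z "$(find "$file" -prune -perm -4000 -print)" ]; then
        echo "FAIL: $file is not setuid" >&2
        return 3
    fi
    # A group- or world-writable setuid binary can be replaced by other users.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $file is group- or world-writable" >&2
        return 4
    fi
    echo "OK: $file is setuid $owner and not writable by others"
    return 0
}

# Usage (placeholder path): check_suid_helper /path/to/bin/vchangepw vpopmail
```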


