On Thu, 11 May 2000, Elizabeth Garcia wrote:
..
> hello,
> can someone help me..... i've been task to
> maintain a linux server with web and mail. so far i've
> been able to understand mail services but now i must
> be able to have an online change of email password..
> can someone help me out or just give ideas on how to
> do this task..... thanks...
web-based changing is password is VERY VERY BAD. didn't your mommy tell
you not to do that?! :)
seriously, you would need to run apache is root to do that (suexec won't
work because suexec won't let you run as root). or use a setuid wrapper. i
suggest suidperl with taintcheck turned on.. it catches a lot of dumbass
security holes.
My preferred solution is to let users change their DIALUP password, which
in Moscom's case is stored in an Oracle table. Periodically, a cron job
synchronizes the UNIX password from the Oracle table. This also has the
added benefit of automating the adding of new user accounts to the system
(when the accounting people encode a client's information in Oracle,
within 30 minutes a UNIX account for that client is created).
We have to do this kind of cr*p because Moscom is probably the last ISP
left in the Philippines that still allows shell access *roll eyes*
---------------------------------------------------------------------
Orlando Andico <[EMAIL PROTECTED]> POTS Phone: +63 (2) 937-2293
Mosaic Communications, Inc. GSM Mobile: +63 (917) 531-5893
Any sufficiently perverted technology is indistinguishable from Perl.
-
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
