I have implemented this into sqwebmail + SSL: qmail + mysql + vitual maildir
et authmysql only environment, only the crypted password in DB is checked
for all applications : pop3 + checkpasswd (local) , courier imapd (local)
and sqwebmail+SSL (web Internet and local).
The user account is created first in the DB (id, primary crypted password,
group, alias and full_name) with phpMyAdmin.
Sqwebmail create home_dir (home_root predefined + group +id ) and maildirs
for the user in the first Web connection, and allow to modify password and
forwards only (qmail is modified for using forwards in DB). Other connection
are disabled before this first connection.
The administrator QMAIL can change all parameter (password, quota, alias,
full name, expiration, forwards,...) in DB with phpMyAdmin (only one WEB
tools for all administration). Qmail DB tables are synchronized between all
applis.
This is made for our local environment, it is not easy to port in other
case, because I am not a programmer professional (autoconf not used).
Bye
DD
----- Original Message -----
From: "Philip Tong" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 27, 2000 4:40 AM
Subject: User password change using web. Suggestions?
> What is a good method to allow users to have their mail password changed
> using a Web Browser?
>
> What are the security issues that I need to look into?
>
> TIA
>
>
>
