Re: [Dovecot] Changing password for users
Ben Morrow wrote: Maybe replace "/usr/bin/passwd" with htpasswd? Try pam_pwdfile with poppwd or some other poppassd that supports PAM. That's it! I was trying to remember the name of this PAM module. and is there another way other than poppassd? Write your own PHP script -- it couldn't be more than a few dozen lines of code for a working skeleton. Or Google "php change password htpasswd". It's not as simple as you seem to think. Quite apart from getting the password-changing itself right (have you considered what happens when two users change their passwords at the same time? when Dovecot tries to read the password file at the same time as you are changing it? when the system crashes when you are halfway through rewriting the password file?), you really shouldn't be running PHP as a user with write access to a password file (even a virtual password file) in any case. I did consider it, and you're right, it is tricky to get it absolutely right. If robusteness and security was of utmost importance, I would abandon PHP too. I was scaling the solution to the OP's technical ability and apparent size of their operation -- if poppwd passes muster, this wouldn't be too far off. Joseph Tam
Re: [Dovecot] Changing password for users
On Fri, Oct 26, 2012 at 11:04:13PM +0200, Tom Hendrikx wrote: > Using a database for managing virtual users seems overkill, > until you run into issues like this. > > I have a postgres backend for 20ish users, and I can plugin > everything I want. Postfixadmin works geat, and there are many > password plugins for squirrelmail/roundcube/etc that work with > such a database. > > Disclaimer: I tried the file-based approach too, but kept > building kludges for things that were a lot simpler with a > database. In the end, I joined the dark side. SQLite gives me the best of both worlds: file-based stability with SQL flexibility and easy backups. There is no Postfixadmin-type solution out there yet, but if you're fine with sqlite3(1) in the console, you won't miss it. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: [Dovecot] Changing password for users
At 3PM -0700 on 26/10/12 you (Joseph Tam) wrote: > > > From: Mike John > > > >> I know about poppassd , but it works only for /etc/passwd , > >> /etc/shadow, but my dovecot virtual users password files > >> are in different location and i do not know how to modify poppassd, > >> any idea how can i do that? > > I downloaded and examined it; it's just a wrapper for /usr/bin/passwd, > and there doesn't seem an easy way to modify it to use something other > than the system password file. > > Maybe replace "/usr/bin/passwd" with htpasswd? Try pam_pwdfile with poppwd or some other poppassd that supports PAM. > > and is there another way other than poppassd? > > Write your own PHP script -- it couldn't be more than a few dozen lines > of code for a working skeleton. Or Google "php change password htpasswd". It's not as simple as you seem to think. Quite apart from getting the password-changing itself right (have you considered what happens when two users change their passwords at the same time? when Dovecot tries to read the password file at the same time as you are changing it? when the system crashes when you are halfway through rewriting the password file?), you really shouldn't be running PHP as a user with write access to a password file (even a virtual password file) in any case. Ben
Re: [Dovecot] Changing password for users
From: Mike John I know about poppassd , but it works only for /etc/passwd , /etc/shadow, but my dovecot virtual users password files are in different location and i do not know how to modify poppassd, any idea how can i do that? I downloaded and examined it; it's just a wrapper for /usr/bin/passwd, and there doesn't seem an easy way to modify it to use something other than the system password file. Maybe replace "/usr/bin/passwd" with htpasswd? and is there another way other than poppassd? Write your own PHP script -- it couldn't be more than a few dozen lines of code for a working skeleton. Or Google "php change password htpasswd". Joseph Tam
Re: [Dovecot] Changing password for users
On 26-10-12 20:47, Mike John wrote: > On 2012-10-26 01:17, Mike John wrote: > >>> Hello, I am using dovecot (2.0.9) and using virtual users using passdb >>> { args = /etc/dovecot/dovecotpasswd driver = passwd-file } How can i >>> make my virtual users change their passwords using web interface ? My >>> users already uses squirrelmail to access their mail. is there a >>> program to add to squirrelmail to add this function to the clients ? or >>> should i user different separate website for password changing ? and >>> what program/tool can help me with this ? Any ideas is greatly >>> appreciated. Mike. Mike, >> >>> I don't know about forcing users to change their passwords however with >>> Squirrelmail there are several password change plugins available that >>> use "poppasswd" to actually c> ssword. Of course poppasswd will >> probably need to be modified to go >>> against your password data base, in my case it simply uses PAM. The >>> version I> sion 1.8.5. Oh you probably want to restrict access to the >> port from >>> the local host only since pas >> ansmitted in clear >> >>> quot >> e>Jeff >> >> I know about poppassd , but it works only for /etc/passwd , >> /etc/shadow, but my dovecot virtual users password files >> are in different location and i do not know how to modify poppassd, any >> idea how can i do that? and is there another way other than poppassd? > > i have googled every where, i can not find how to modify poppassd to > modify virtual users passwords at /etc/dovecot/passwords > , Is there any other way ? i am sure that some one in this mailing list > have virtual users and uses modified poppassd or other utils so that his > clients can change their password Using a database for managing virtual users seems overkill, until you run into issues like this. I have a postgres backend for 20ish users, and I can plugin everything I want. Postfixadmin works geat, and there are many password plugins for squirrelmail/roundcube/etc that work with such a database. Disclaimer: I tried the file-based approach too, but kept building kludges for things that were a lot simpler with a database. In the end, I joined the dark side. -- Tom
Re: [Dovecot] Changing password for users
On 2012-10-26 01:17, Mike John wrote: Hello, I am using dovecot (2.0.9) and using virtual users using passdb { args = /etc/dovecot/dovecotpasswd driver = passwd-file } How can i make my virtual users change their passwords using web interface ? My users already uses squirrelmail to access their mail. is there a program to add to squirrelmail to add this function to the clients ? or should i user different separate website for password changing ? and what program/tool can help me with this ? Any ideas is greatly appreciated. Mike. Mike, I don't know about forcing users to change their passwords however with Squirrelmail there are several password change plugins available that use "poppasswd" to actually c> ssword. Of course poppasswd will probably need to be modified to go against your password data base, in my case it simply uses PAM. The version I> sion 1.8.5. Oh you probably want to restrict access to the port from the local host only since pas ansmitted in clear quot e>Jeff I know about poppassd , but it works only for /etc/passwd , /etc/shadow, but my dovecot virtual users password files are in different location and i do not know how to modify poppassd, any idea how can i do that? and is there another way other than poppassd? i have googled every where, i can not find how to modify poppassd to modify virtual users passwords at /etc/dovecot/passwords , Is there any other way ? i am sure that some one in this mailing list have virtual users and uses modified poppassd or other utils so that his clients can change their password
Re: [Dovecot] Changing password for users
On Oct 25, 2012 7:20 PM, "Mike John" wrote: >> >> Hello, >> >> I am using dovecot (2.0.9) and using virtual users using >> >> passdb { >> args = /etc/dovecot/dovecotpasswd >> driver = passwd-file >> } >> >> How can i make my virtual users change their passwords using web >> interface ? >> >> My users already uses squirrelmail to access their mail. is there a >> program to add to squirrelmail to add this function to the clients ? >> or should i user different separate website for password changing ? >> and what program/tool can help me with this ? >> >> Any ideas is greatly appreciated. >> >> Mike. >> Mike, > > >> I don't know about forcing users to change their passwords however with >> Squirrelmail there are several password change plugins available that >> use "poppasswd" to actually change the password. > > >> Of course poppasswd will probably need to be modified to go against your >> password data base, in my case it simply uses PAM. The version I use is >> poppassd version 1.8.5. > > >> Oh you probably want to restrict access to the port from the local host >> only since passwords are transmitted in clear text. > > >> Jeff > > > I know about poppassd , but it works only for /etc/passwd , /etc/shadow, but my dovecot virtual users password files > are in different location and i do not know how to modify poppassd, any idea how can i do that? and is there another way other than poppassd? Horde has a change password module too. And essentially it's trivial to write your own php page to do it. I'll do it if you want to contract it out. Simon
Re: [Dovecot] Changing password for users
Hello, I am using dovecot (2.0.9) and using virtual users using passdb { args = /etc/dovecot/dovecotpasswd driver = passwd-file } How can i make my virtual users change their passwords using web interface ? My users already uses squirrelmail to access their mail. is there a program to add to squirrelmail to add this function to the clients ? or should i user different separate website for password changing ? and what program/tool can help me with this ? Any ideas is greatly appreciated. Mike. Mike, I don't know about forcing users to change their passwords however with Squirrelmail there are several password change plugins available that use "poppasswd" to actually change the password. Of course poppasswd will probably need to be modified to go against your password data base, in my case it simply uses PAM. The version I use is poppassd version 1.8.5. Oh you probably want to restrict access to the port from the local host only since passwords are transmitted in clear text. Jeff I know about poppassd , but it works only for /etc/passwd , /etc/shadow, but my dovecot virtual users password files are in different location and i do not know how to modify poppassd, any idea how can i do that? and is there another way other than poppassd?
Re: [Dovecot] Changing password for users
On 10/25/2012 03:21 PM, Mike John wrote: Hello, I am using dovecot (2.0.9) and using virtual users using passdb { args = /etc/dovecot/dovecotpasswd driver = passwd-file } How can i make my virtual users change their passwords using web interface ? My users already uses squirrelmail to access their mail. is there a program to add to squirrelmail to add this function to the clients ? or should i user different separate website for password changing ? and what program/tool can help me with this ? Any ideas is greatly appreciated. Mike. Mike, I don't know about forcing users to change their passwords however with Squirrelmail there are several password change plugins available that use "poppasswd" to actually change the password. Of course poppasswd will probably need to be modified to go against your password data base, in my case it simply uses PAM. The version I use is poppassd version 1.8.5. Oh you probably want to restrict access to the port from the local host only since passwords are transmitted in clear text. Jeff
[Dovecot] Changing password for users
Hello, I am using dovecot (2.0.9) and using virtual users using passdb { args = /etc/dovecot/dovecotpasswd driver = passwd-file } How can i make my virtual users change their passwords using web interface ? My users already uses squirrelmail to access their mail. is there a program to add to squirrelmail to add this function to the clients ? or should i user different separate website for password changing ? and what program/tool can help me with this ? Any ideas is greatly appreciated. Mike.