I use Squirrelmail-1.4.2 on freebsd 5.2. I downloaded the
change_passwd-3.1-1.2.8 plugin and installed it. Anytime i try to
change my password, i get this error message:
cd /usr/local/apache2/htdocs/squirrelmail-1.4.2/plugins
../plugins/change_passwd/chpasswd 'name' 'oldpasswd' 'newpasswd' 2>&1
and when i go the path to run the command, without the 2>&1, i get
this error:
Current password is incorrect.
I removed the plug-in and reinstalled. Then when i ran the chpasswd
utility to change my password, i get this error:
./chpasswd: /lib/libc.so.6: version `GLIBC_2.3' not found (required
by ./chpasswd)
Anybody ever seen these errores before??
How about doing it without SUID binaries compiled for Linux systems?
http://www.freebsd.org/cgi/url.cgi?ports/mail/poppassd/pkg-descr
http://www.squirrelmail.org/plugin_view.php?id=21
How do i achieve that?
1. install poppassd
cd /usr/ports/mail/poppassd
make install
or
pkg_add -r poppassd
2. enable poppassd in superserver
vi /etc/inetd.conf
add
pop3pw stream tcp nowait root /usr/local/libexec/poppassd poppassd
and restart inetd
3. download and install change_pass plugin.
4. test it.
If it does not work, read README file included in plugin. Try changing
password with 'telnet localhost 106'.
You might want to replace inetd with xinetd and bind poppassd only to
local interface or adjust your firewall settings
poppassd is better because:
a) you don't need to elevate user's privileges
b) you provide tool that can be used by any email client that supports
poppass protocol
c) there are poppass servers written for PAM, NIS, shadow passwords, LDAP
and courier authdaemon
>
> Cant i just use the pw utility that comes with freebsd,moreso since
> i use freebsd??
> How do i elevate user privilileges with this? my users default login
> is set to nologin.
Please try not to top-post.
The pw utility is insecure because:
- it does not require authentication of the current password
- you have to allow execution of this utility by the web server
for it to work with the change_passwd plugin which means *any*
script running on your machine can access it and change *any*
user's password at will
-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
--
squirrelmail-users mailing list
List Address: [EMAIL PROTECTED]
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
