Hello,
I am using dovecot (2.0.9) and using virtual users using
passdb {
args = /etc/dovecot/dovecotpasswd
driver = passwd-file
}
How can i make my virtual users change their passwords using web
interface ?
My users already uses squirrelmail to access their mail. is there a
program to add to squirrelmail to add this function to the clients ? or
should i user different separate website for password changing ? and
what program/tool can help me with this ?
Any ideas is greatly appreciated.
Mike.
> Hello, > > I am using dovecot (2.0.9) and using virtual users using > > passdb { > args = /etc/dovecot/dovecotpasswd > driver = passwd-file > } > > How can i make my virtual users change their passwords using web > interface ? > > My users already uses squirrelmail to access their mail. is there a > program to add to squirrelmail to add this function to the clients ? > or should i user different separate website for password changing ? > and what program/tool can help me with this ? > > Any ideas is greatly appreciated. > > Mike. >Mike,>I don't know about forcing users to change their passwords however > with >Squirrelmail there are several password change plugins available that >use "poppasswd" to actually change the password.>Of course poppasswd will probably need to be modified to go against > your >password data base, in my case it simply uses PAM. The version I use > is >poppassd version 1.8.5.>Oh you probably want to restrict access to the port from the local > host >only since passwords are transmitted in clear text.>JeffI know about poppassd , but it works only for /etc/passwd , /etc/shadow, but my dovecot virtual users password files are in different location and i do not know how to modify poppassd, any idea how can i do that? and is there another way other than poppassd?
On 10/25/2012 03:21 PM, Mike John wrote:> Hello, > > I am using dovecot (2.0.9) and using virtual users using > > passdb { > args = /etc/dovecot/dovecotpasswd > driver = passwd-file > } > > How can i make my virtual users change their passwords using web > interface ? > > My users already uses squirrelmail to access their mail. is there a > program to add to squirrelmail to add this function to the clients ? > or should i user different separate website for password changing ? > and what program/tool can help me with this ? > > Any ideas is greatly appreciated. > > Mike.Mike, I don't know about forcing users to change their passwords however with Squirrelmail there are several password change plugins available that use "poppasswd" to actually change the password. Of course poppasswd will probably need to be modified to go against your password data base, in my case it simply uses PAM. The version I use is poppassd version 1.8.5. Oh you probably want to restrict access to the port from the local host only since passwords are transmitted in clear text. Jeff
> From: Mike John <mike at alaadin.org> > >> I know about poppassd , but it works only for /etc/passwd , >> /etc/shadow, but my dovecot virtual users password files >> are in different location and i do not know how to modify poppassd, >> any idea how can i do that?I downloaded and examined it; it's just a wrapper for /usr/bin/passwd, and there doesn't seem an easy way to modify it to use something other than the system password file. Maybe replace "/usr/bin/passwd" with htpasswd?> and is there another way other than poppassd?Write your own PHP script -- it couldn't be more than a few dozen lines of code for a working skeleton. Or Google "php change password htpasswd". Joseph Tam <jtam.home at gmail.com>
Ben Morrow wrote:>> Maybe replace "/usr/bin/passwd" with htpasswd? > > Try pam_pwdfile with poppwd or some other poppassd that supports PAM.That's it! I was trying to remember the name of this PAM module.>>> and is there another way other than poppassd? >> >> Write your own PHP script -- it couldn't be more than a few dozen lines >> of code for a working skeleton. Or Google "php change password htpasswd". > > It's not as simple as you seem to think. Quite apart from getting the > password-changing itself right (have you considered what happens when > two users change their passwords at the same time? when Dovecot tries to > read the password file at the same time as you are changing it? when the > system crashes when you are halfway through rewriting the password > file?), you really shouldn't be running PHP as a user with write access > to a password file (even a virtual password file) in any case.I did consider it, and you're right, it is tricky to get it absolutely right. If robusteness and security was of utmost importance, I would abandon PHP too. I was scaling the solution to the OP's technical ability and apparent size of their operation -- if poppwd passes muster, this wouldn't be too far off. Joseph Tam <jtam.home at gmail.com>