[unisog] web based passwords

Greg Francis francis at gonzaga.edu
Fri Dec 7 16:42:38 GMT 2001


We're using Horde/IMP for the web interface to our Linux mail server. We
handle password changes using poppassd as other people have mentioned. Our
difference is that we've customized to do Kerberos so that students can
change their Active Directory password as well. We handle security of this
clear-text password change mechanism by using ipchains on the Linux server
to only accept poppassd connections from the web-mail server. It's been
working really well for us. The student that altered the poppassd code for
us (Alex Withers), has posted the Kerberos version of the code to freshmeat
I believe. He called it kpoppassd.

Greg

--
Greg Francis
Sr. System Administrator
Gonzaga University
francis at gonzaga.edu
509-323-6896

----- Original Message -----
From: "Lance Gjerstad" <lgjersta at kettering.edu>
To: <unisog at sans.org>
Sent: Thursday, December 06, 2001 2:07 PM
Subject: [unisog] web based passwords


We have a large number of users who use our Unix system for e-mail, but
who don't have the knowledge to log into the system and don't care to
take the time to learn.  Unfortunately, this means they either have to
call the computer center to have their passwords changed or, as is more
likely, just never change their passwords.  We've been looking into
various solutions, such as enabling some sort of web interface to this,
and likely other commands.  Does anyone know of a secure and affordable
solution for this?  We'd prefer if the CGI script could become the user
without having to be suid root, but it doesn't appear that Unix allows this.

Lance Gjerstad
Intermediate Unix System Administrator
Kettering University




More information about the unisog mailing list