[lug] Web based password changers

Peter Hutnick peter-lists at hutnick.com
Thu Jun 13 11:04:33 MDT 2002

Hash: SHA1

On Thursday 13 June 2002 10:42 am, Harris, James wrote:
> Howdy all!
> I'm looking for a simple web interface to allow users to change their
> password via an https connection (for our restricted FTP only server.) 
> I've searched freshmeat and turned a whole bunch of cgi's that can do this,
> so I'm really not sure which one to use.  Has anyone here used any type of
> a cgi like this, and could you make a recommendation?  Obviously, my
> concern is for security so I would prefer to use something that has been
> tried and trued.

Not really an answer to your question, but . . .

If you are running SSHD anyway, and you have an FTP server that is not 
dependent on the shell listed in /etc/passwd (such as ProFTPD AFAIR) you can 
just set those users shells to /usr/bin/passwd, then they can change it via 


   sed s%/bin/false%/usr/bin/passwd% /etc/passwd > /etc/newpasswd

then CHECK newpasswd by hand, and IF it looks good mv /etc/newpasswd 
/etc/passwd should do the trick.

- -Peter

- -- 
/"\ ASCII Ribbon campaign against HTML e-mail
\ /
 X   Get my PGP key at http://hutnick.com/pgp
/ \  6128 5651 6F23 EC17 6EBD  737D 960A 20E6 76CA 8A59
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org


More information about the LUG mailing list