[lug] Web based password changers
peter-lists at hutnick.com
Thu Jun 13 11:04:33 MDT 2002
-----BEGIN PGP SIGNED MESSAGE-----
On Thursday 13 June 2002 10:42 am, Harris, James wrote:
> Howdy all!
> I'm looking for a simple web interface to allow users to change their
> password via an https connection (for our restricted FTP only server.)
> I've searched freshmeat and turned a whole bunch of cgi's that can do this,
> so I'm really not sure which one to use. Has anyone here used any type of
> a cgi like this, and could you make a recommendation? Obviously, my
> concern is for security so I would prefer to use something that has been
> tried and trued.
Not really an answer to your question, but . . .
If you are running SSHD anyway, and you have an FTP server that is not
dependent on the shell listed in /etc/passwd (such as ProFTPD AFAIR) you can
just set those users shells to /usr/bin/passwd, then they can change it via
sed s%/bin/false%/usr/bin/passwd% /etc/passwd > /etc/newpasswd
then CHECK newpasswd by hand, and IF it looks good mv /etc/newpasswd
/etc/passwd should do the trick.
/"\ ASCII Ribbon campaign against HTML e-mail
X Get my PGP key at http://hutnick.com/pgp
/ \ 6128 5651 6F23 EC17 6EBD 737D 960A 20E6 76CA 8A59
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
More information about the LUG