|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Eric Anderson (anderson
centtech.com)Date: Thu Feb 28 2002 - 06:44:36 CST
They way I have done this type of thing in the past, is I have a web/cgi script
that takes the users old password, checks it against the password file, takes
the new passwords, checks it against a "bad password" list, then I store it, and
have a cron job run a separate script (as root) to do the password changing. I
feel it protects you against suid web stuff (which I am totally against). If you
can write programs well and know how to look for holes of that sort, you should
be fine.
Eric
Buliwyf McGraw wrote:
>
> Hello friends...
> I was using webmin to create users by the web... but i need
> to do an interface for users can change them passwords by the
> web too.
> I can not use webmin, because the webmin user need a password...
> i need an open interface, for everyone who wants change his own
> password, can do it...
> I was thinking on suexec apache service... but in the web site
> i found that suexec doesn't support root scripts anymore...
> so, i get lost...
>
> Any question or sugestion is welcome.
> Thank you
>
> =======================================================================
> Buliwyf McGraw
> Administrador del Servidor Libertad
> Centro de Servicios de Informacion
> Universidad del Valle
> =======================================================================
>
> To Unsubscribe: send mail to majordomoFreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
-- ------------------------------------------------------------------ Eric Anderson Systems Administrator Centaur Technology If at first you don't succeed, sky diving is probably not for you. ------------------------------------------------------------------To Unsubscribe: send mail to majordomo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]