[imp] poppasswd.php3 -- benefits analysis

German Poo Caaman~o gpoo@ubiobio.cl
Tue, 27 Mar 2001 19:31:26 -0400


Chris Crowley wrote:
> Why don't you advise poppassd? I am on the verge of implementing this, and
> would be interested in learning about problems you might have had with it.
> 
> Also, I would love to hear from those of you who it works great for.

In favour to poppassd I cut/paste the first paragraph from README file:

---
The idea is that poppassd daemon is never accessible from the outside.
This is intended to work only with WWW interface, such as PopPass by
Jerry Workman <jerry@newwave.net>. It is IMHO more secure and less
complicated than using SUID CGI scripts or CGI wrappers to /bin/passwd.

User fills a WWW form which is then processed by PopPass program.
PopPass checks if the data seems to be correct (passwords are same
and long enough), connects to the poppassd daemon which performs the
real password change.

For better security it is recommended to configure PopPass to connect
to poppassd on localhost and block access to the port 106 from other
machines.
---

-- 
German Poo Caaman~o
mailto:gpoo@ubiobio.cl
http://www.ubiobio.cl/~gpoo/chilelindo.html
"La historia no se lee, se escribe"