[sork] Real Unix POPPassword change?

Eric Rostetter eric.rostetter at physics.utexas.edu
Tue Aug 16 10:58:59 PDT 2005


Quoting allmoto allmoto <allmotofun at yahoo.com.ar>:

> Sorry, i think i did the question the wrong way.
> 
> I ´ve read on the docs that you need an ldap server,
> and  a samba server

No.  You may use an ldap server, or you may use a samba server, but you
are not required to have either of those.

> , but my question was if i can
> change pop passwords directly with the linux passwd
> command, not using ldap or samba.

You can do so with a poppassd daemon running on the linux machine, or
with the expect driver (local, ssh/telnet connection to a remote machine,
etc).

> Is there any way to
> custom the plugin to use directly the linux passwd
> command ?

I don't think anyone has a driver yet to do a local password command.
Instead, most use poppassd for that.

You could write such a driver, but I wouldn't recommend it (since it would
normally run under the web server user, and hence have trouble changing the
password, unless you run it as root or setuid root or something, which
really isn't advisable, etc).

I'd look at implementing poppassd instead, and use that driver.

But theoretically you could write a local password changing routine, set
it setuid root, have it not care that the web server user is changing other
people's passwords, and have that work...  But that is also a lot of work
probably, and an interesting security issue...

> Thanks.


-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin
 
Why get even? Get odd!



More information about the sork mailing list