LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-12-2004, 10:58 PM   #1
ooorah
LQ Newbie
 
Registered: Oct 2004
Location: Clarksville, MD
Distribution: CentOS5
Posts: 23

Rep: Reputation: 15
Windows-based remote users ned to change password


I just started a WISP - because I needed another challenge... I'm only offering email service and internet access to my customers. So, when I set up a user account, I give the account a password and then configure the user's computer (usually Windows-based OS) with that password for email access - checking the "save password" check box.

But, how can I allow my customers to change their own passwords without using Secure SSH to login to the server? Preferably, I would like to use a hotlink on a website. Is this an easy set-up on Fedora? If not, then is there a software package that I could install to do this.

I am using Sendmail...

Thanks,
Tom
 
Old 10-13-2004, 08:19 AM   #2
qwijibow
Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
So what you are saying is you are usiing FEDORA linux as a mail server, and you want your customers to be able to change their passwords using a simple webpage on a web-browser interface ?

The obviouse sokution is to first install APACHE web server, and use a CGI script to change their password.
Use a simple Form that asks for $1 Username, $2 old password, $3 new password, $4 re-type new password.

then the CGI script runs the passwd command as the username entered in $1 (with password $2) and gives the program the new password in $3 and $4.

its very simple... HOWEVER..

a HUGE word of warning... CGI scipts are famous for being easy to hack. make sure the cgi scripts run with minimal rights, and are protected from code injection exploits.
 
Old 10-13-2004, 08:32 AM   #3
ooorah
LQ Newbie
 
Registered: Oct 2004
Location: Clarksville, MD
Distribution: CentOS5
Posts: 23

Original Poster
Rep: Reputation: 15
Thanks for the suggestion. But, I am no longer a programmer (I used to hobby around as one) and was hoping to find something free online that I could incorporate. Thanks for the warning, too. That has me scared enough to not even try to write the script!

Anything else?
 
Old 10-13-2004, 10:58 AM   #4
qwijibow
Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
Okay...

then have a look at this project....
http://www.rajeevnet.com/linux/passw...sswd_sync.html
its a webpage that is diesigned for changing UNIX and Windows NIS passwords. but you can edit it to Only change the Unix (Linux) password.
it may take a little tweaking (and the website need re-designing.. its UGLY) but its easy enough.
 
Old 10-13-2004, 04:39 PM   #5
ooorah
LQ Newbie
 
Registered: Oct 2004
Location: Clarksville, MD
Distribution: CentOS5
Posts: 23

Original Poster
Rep: Reputation: 15
This looks good. Thanks for the link. I'll give it a try, but how much of a security risk is this? The instructions on that site that is poses a security risk!

I'm still open to other suggestions or links to other projects....

Thanks again
 
Old 10-13-2004, 05:57 PM   #6
qwijibow
Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
no form of remote login is secure.
loging via telnet means sniffers can get passwords...
logging in via secure shell (ssh) is not much better.... ssh hashes passwords, but the hashed passwords can still be stolen and used to loggin just like a plain text password.

this is even worse over wireles networks... in conventional ethernet, the Hum / Gateway has to be hacked to sniff passwords... or a machine under the controll of the attacker must be attacked to the wire.... but in wireless network, anyone in range can steal passwords.

its impossible to make this secure.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
howto change samba password remotely from a windows client? yafrank Linux - Networking 8 08-04-2013 12:16 PM
Change Samba password from Windows bsherwood Linux - Software 2 06-03-2005 08:28 AM
howto change samba password remotely from a windows client? yafrank Linux - Software 2 01-21-2005 12:14 PM
How to make Samba users change password on first use eflester Linux - Security 0 10-12-2004 06:41 PM
Change password from windows xp to samba fidelis Linux - Newbie 1 09-20-2004 08:54 AM


All times are GMT -5. The time now is 04:02 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration