Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I just started a WISP - because I needed another challenge... I'm only offering email service and internet access to my customers. So, when I set up a user account, I give the account a password and then configure the user's computer (usually Windows-based OS) with that password for email access - checking the "save password" check box.
But, how can I allow my customers to change their own passwords without using Secure SSH to login to the server? Preferably, I would like to use a hotlink on a website. Is this an easy set-up on Fedora? If not, then is there a software package that I could install to do this?
So what you are saying is you are using FEDORA linux as a mail server, and you want your customers to be able to change their passwords using a simple webpage on a web-browser interface?
The obvious solution is to first install APACHE web server, and use a CGI script to change their password.
Use a simple Form that asks for $1 Username, $2 old password, $3 new password, $4 re-type new password.
Then the CGI script runs the passwd command as the username entered in $1 (with password $2) and gives the program the new password in $3 and $4.
It's very simple... HOWEVER..
A HUGE word of warning... CGI scripts are famous for being easy to hack. Make sure the CGI scripts run with minimal rights, and are protected from code injection exploits.
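An added sketch, not part of the thread or of any project linked in it, of the injection precautions the reply above asks for: strict validation of the form fields and a password change that never passes them through a shell. It uses `chpasswd` (fed on stdin) rather than the interactive `passwd` the reply mentions; `verify_old`, the deny-list and the length limit are assumptions, and the web process still needs a narrowly scoped way to run `chpasswd` with sufficient privilege.

```python
import re
import subprocess

# Assumption: account names follow the usual useradd pattern.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
# Constructed deny-list of system accounts the form must never touch.
PROTECTED = {"root", "bin", "daemon", "apache", "mail"}
MIN_LENGTH = 10  # assumed local policy


def validate_form(username, new_pw, retyped):
    """Return a list of problems; an empty list means the input is acceptable."""
    errors = []
    if not USERNAME_RE.fullmatch(username):
        errors.append("invalid username")
    elif username in PROTECTED:
        errors.append("account not allowed")
    if new_pw != retyped:
        errors.append("passwords do not match")
    if len(new_pw) < MIN_LENGTH:
        errors.append("password too short")
    # chpasswd reads one "user:password" record per line, so control
    # characters in the password would corrupt the record boundary.
    if any(ord(c) < 32 or ord(c) == 127 for c in new_pw):
        errors.append("control characters not allowed")
    return errors


def change_password(username, old_pw, new_pw, retyped, verify_old,
                    run=subprocess.run):
    """verify_old is a hypothetical callback (e.g. PAM-backed) returning bool."""
    errors = validate_form(username, new_pw, retyped)
    if errors:
        return errors
    if not verify_old(username, old_pw):
        return ["authentication failed"]
    # argv list, no shell: form fields are never parsed as shell syntax.
    # The password travels on stdin, so it never shows up in `ps` output.
    run(["/usr/sbin/chpasswd"], input=f"{username}:{new_pw}\n",
        text=True, check=True)
    return []
```
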
Thanks for the suggestion. But, I am no longer a programmer (I used to hobby around as one) and was hoping to find something free online that I could incorporate. Thanks for the warning, too. That has me scared enough to not even try to write the script!
Then have a look at this project.... http://www.rajeevnet.com/linux/passw...sswd_sync.html
It's a webpage that is designed for changing UNIX and Windows NIS passwords, but you can edit it to only change the Unix (Linux) password.
It may take a little tweaking (and the website needs re-designing.. it's UGLY) but it's easy enough.
No form of remote login is secure.
Logging in via telnet means sniffers can get passwords...
Logging in via secure shell (ssh) is not much better.... ssh hashes passwords, but the hashed passwords can still be stolen and used to log in just like a plain text password.
This is even worse over wireless networks... In conventional ethernet, the Hub / Gateway has to be hacked to sniff passwords... or a machine under the control of the attacker must be attached to the wire.... But in a wireless network, anyone in range can steal passwords.