Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I just started a WISP - because I needed another challenge... I'm only offering email service and internet access to my customers. So, when I set up a user account, I give the account a password and then configure the user's computer (usually Windows-based OS) with that password for email access - checking the "save password" check box.
But, how can I allow my customers to change their own passwords without using Secure SSH to login to the server? Preferably, I would like to use a hotlink on a website. Is this an easy set-up on Fedora? If not, then is there a software package that I could install to do this.
So what you are saying is you are usiing FEDORA linux as a mail server, and you want your customers to be able to change their passwords using a simple webpage on a web-browser interface ?
The obviouse sokution is to first install APACHE web server, and use a CGI script to change their password.
Use a simple Form that asks for $1 Username, $2 old password, $3 new password, $4 re-type new password.
then the CGI script runs the passwd command as the username entered in $1 (with password $2) and gives the program the new password in $3 and $4.
its very simple... HOWEVER..
a HUGE word of warning... CGI scipts are famous for being easy to hack. make sure the cgi scripts run with minimal rights, and are protected from code injection exploits.
Thanks for the suggestion. But, I am no longer a programmer (I used to hobby around as one) and was hoping to find something free online that I could incorporate. Thanks for the warning, too. That has me scared enough to not even try to write the script!
then have a look at this project.... http://www.rajeevnet.com/linux/passw...sswd_sync.html
its a webpage that is diesigned for changing UNIX and Windows NIS passwords. but you can edit it to Only change the Unix (Linux) password.
it may take a little tweaking (and the website need re-designing.. its UGLY) but its easy enough.
This looks good. Thanks for the link. I'll give it a try, but how much of a security risk is this? The instructions on that site that is poses a security risk!
I'm still open to other suggestions or links to other projects....
no form of remote login is secure.
loging via telnet means sniffers can get passwords...
logging in via secure shell (ssh) is not much better.... ssh hashes passwords, but the hashed passwords can still be stolen and used to loggin just like a plain text password.
this is even worse over wireles networks... in conventional ethernet, the Hum / Gateway has to be hacked to sniff passwords... or a machine under the controll of the attacker must be attacked to the wire.... but in wireless network, anyone in range can steal passwords.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.