Resetting user passwords through php web page
Hi All Linux Experts
We are using LDAP for user authentication & I have set a policy that the password expires after 45 days. But when the password expires users have to request me to set up & now the problem is all the users want a Web page through which they can change or reset their passwords. I have discovered "expect" tool which can run in background for resetting LDAP passwords but I know very little about PHP so please help me to make a secure front end in PHP. Thanks in Advance Sushant Chawla Linux Administrator |
Design a form that will submit the username value using get or post method.
Get that username and set the password using system() function in php. Make sure the script doesnt set root password inadvertently. Also parse the username input so that no other system command is executed. This would be enough to deploy in secured private network..... |
Quote:
Hi Suhas Firstly thanks for the reply. Please tell me how to use system function & currently i am issuing the command like this in action.php page `sudo /changepasswd $username $password` but it is saying you must have tty to set the password. The webserver user is apache & I have given apache user sudo access to run this script. Secondly when I run this script manually from apache user sudo -u apache /changepasswd it is saying only root user can set the user password. |
Quote:
When you call sudo, it knows who you are calling it as .... |
Quote:
|
|
Yes I am using webmin but I want that every body can reset his/her password but giving the access through webmin will disclose many other configurations of my servers to everybody.
Isn't it? |
Hi sushant,
instead of doing following thing in bash prompt -- sudo -u apache /changepasswd username password Do this thing -- su -l apache -c sudo /changepasswd username password That will actually test if apache user can sudo or not.... |
Suhas
Its running but giving the error passwd: only root can specify a user name I have given the following entry in sudoers apache ALL=(ALL) NOPASSWD: ALL Please helppp |
* Comment out following line in visudo
#Defaults requiretty * Allow Apache user to execute command via sudo in visudo apache ALL=(ALL) NOPASSWD: ALL * Execute following command [root@www ~]# su -l apache -s /bin/bash -c "sudo passwd suhas" Changing password for user suhas. New UNIX password: Later you can tighten the security by allowing only passwd command to apache user Regards, |
All times are GMT -5. The time now is 05:38 AM. |