Topic: Change Password in Imp

[Jim]

I am looking for a way to have people change there password in imp. The reason is that they are external and can't access user-password or user-manager and can't telnet in to change it and dont want to set them up on vpn.

If no one knows of how to allow them to change it threw webmail maybe they can tell me how to allow them access to telnet from the outside. I know this is a security risk, but I would only have the port on the router open while they change there password and then close it. When I telnet in from outside now with a user name that isn't part of admins group and have the port open I get a response from the server that says "Standard user login services has been disabled". There has to be a config file somewhere where I can enable it, anyone know where to enable that.


jim

[Bill Talcott]

If I remember correctly, http://www.e-smith.org/docs/howto/remote-mgr-access-howto.html will allow the specified addresses to access /user-password/ as well, if that helps at all.

SSH is a much better option than plain Telnet, and yes there is a way to change the default user shell. A search should provide plenty of info...

You could also have them create a PPTP VPN connection, which makes their computer part of the internal network, where they would have access to /user-password/ as well.

[jim]

I had already looked at the "howto" but problem with that is you have to know ip address and these are people connecting to there own isp so there ip is always changing. I can't believe there is no way to add a password change to imp...hmmm...maybe they come out with it soon, I know a lot of people I talk to are disappointed about that.

Ill check on enabling the regular user for ssl, but then will have to make sure that  once they ssh in they have limited access, obviously.

Jim

[Rich Lafferty]

I can believe it. IMP is an IMAP *client*. It just talks to the IMAP server
like any other mail program; it has no access to anything *but* the IMAP
server and MySQL.

If your users are coming from everywhere, why not allow password
changes from everywhere -- over https only? You can even edit
/home/httpd/html/horde/imp/config/menu.txt (not templated)
and add a "Change password" link to IMP's menu.

[jim]

I think I understand what your saying about the imap.

Now in regards to allowing change password from everywhere over https...im assuming u mean access to user-passwords externally. According to the "howto" that was referenced above you have to specify ip adress, how would I allow everyone to have access.

and to take it a step furthur, Im assumign this will expose user-manager as well as user-pasword, do u know how to not have it expose user-manager?

I appreciate everyones help.

Jim

[Terry Brummell]

I use a cgi script I found here in the phorum for password changes.  I link to it from the imp main screen and it works fine for what I need.

Terry

[Terry Brummell]

Thanks Rich, just changed my IMP to link to the cgi script from within the mailbox now.  This rocks!



Rich Lafferty wrote:
>
> I can believe it. IMP is an IMAP *client*. It just talks
> to the IMAP server
> like any other mail program; it has no access to anything
> *but* the IMAP
> server and MySQL.
>
> If your users are coming from everywhere, why not allow
> password
> changes from everywhere -- over https only? You can even edit
> /home/httpd/html/horde/imp/config/menu.txt (not templated)
> and add a "Change password" link to IMP's menu.

[Jim]

I just did a search and dont see the script anywhere....do you have it that you can send to me by chance....or show me a link in the phorum to it.

Many thanks

Jim

[Jon Blakely]

Jim,

You dont have to specify an single ip address to use SSL as per the how to for remote access. You can specify 0.0.0.0/0.0.0.0 as an address which will give access from anywhere. Yes it does expose the server-manager to a possible hacking attack, assuming that a hacker knows you are running a SME server. For this reason I would ensure that your admin password is as long and as complex as you can remember. It is the same risk as having public SSH enabled.

Jon

[Jim]

I applied the change as noted in http://www.e-smith.org/docs/howto/remote-mgr-access-howto.html and put a ip of 0.0.0.0/0.0.0.0 and now yes user-password is open for my couple people to change there password external. Also yes this does allow server-manager to be hit from outside, its protected by a password of course. This works and I can just turn off outside access wonce they are done changing passwords so it works perfect....however I wonder about something.

I notice that user-manager is still only accesible from the inside, only server-manager and user-password is accessible from outside. Now I remember seeing somewhere how user-manager was seperate from server manager and user password....so I wonder....can I apply the settings I just did to user-manager and turn off for httpd-admin....that way server-manager isn't exposed but users can user user-manager to change there passwords and away autoresponse and what not....that would be perfect becuase then server-manager goes back inside.

In looking threw the config files in sme to see where I saw that, if anyone knows what I mean and has an idea let me know.

Thanks again everyone for your help.

Jim