Topic: External Passwords

[Rick]

Hey all,

I know the password thing has been addressed several times here. I have searched the threads and most of them point to the manual. I have read that section of the manual extensively and can find where to send users to change their password internally via the web. But I would like this function for external users as well. External users get the 403 access denied error. Is there a permission I have to change, or a template I have to modify to get this functionality? TIA

Rick

[SpeakEasy]

RTFM - Again Springs to mind !

Read the manual even more closely than "exstensivley" next time

12.1.2. Changing User Passwords
Once they have an active account, your users can set their own passwords by accessing the user-password URL. They do this through their web browsers by visiting the URL www.yourdomain.xxx/user-password (where "www.yourdomain.xxx" is the web server name you entered into the server console). The staff at The Pagan Vegan would visit the URL www.tofu-dog.com/user-password.

To make the change, a user would enter his or her account name (the characters before "@"), the old password and the new password (to ensure accuracy, the screen asks for the new password twice). Note that changing the password for a user in the server manager overrides any previous password entered by your user. Therefore, when a user forgets his password, simply reset it in the server manager.

[Rick]

Speakeasy,

I do appreciate the quote from the manual. and I would have to say ReRead my post. I am aware of where they should go to access this ability, that is not the problem I am addressing in this post. The problem is stated that insiders (LAN) can change thier passwords in the web site, however, remote users (WAN) get a 403 error access denied. If I did not clearly state that I know what the URL is I apologize. I was asking if anyone knows why this is a problem and how to correct it so that REMOTE users can also change thier passwords.

TIA

[Jeff C]

By default, users cannot access the user* panels unless they are on the local net.  This is for security purposes.

The secure way to do this is to have the remote user create a PPTP connection to the server.  Once that is connected the user-panel will see them as a local user and allow access.

-jeff

[Rick Copeland]

Thanks Jeff, but talking my family through that would be a nightmare. You know how hard it is to get family to actually do what you say I found the file that controls this /etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/90e-smithAcess20password. it has these commands in it.


    order deny,allow
    deny from all
    allow from { $localAccess }
    SetEnv IMGHDR_SRC "/e-smith-common/user-password.jpg"



    order deny,allow
    deny from all
    allow from { $localAccess }
    SetEnv IMGHDR_SRC "/e-smith-common/user-password.jpg"


Being very new to linux what do I replace { $localAccess } with? { $All }? This server isnt really a security risk that I'm afraid of, its just a webserver for family junk and an webmail server for us to yak at each other through. Mostly a dabble tool for me to aquaint myself with linux and have some functionality. But I am open for an explanation of what could happen if I open this functionality up to the free world being as I don't know. Once again TIA

Rick

[Thomas Kristensen]

Hi,

I was thinking more along the lines of modifying /etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/90e-smithAcess20password to allow access from outside the local network AND ask for authentication like when you access the server manager ie. you have to type a valid username/password to access the page where you can change your password.

I've been playing around with it but haven't had any success so far, basically because I have no idea what the different entries in the files means

If anybody has a conf-file like that I would really appreciate hearing from you...

Regards,
Thomas Kristensen

[Rick Copeland]

Thomas,

I know a custom template can be formed to do this and it will read the changes made from the custom template. I just have no answer as to what should replace the local access line. My original message posed this question but got no response. If I find out I will email the answer to you though.

Rick

[Ken Melton]

Here's the easiest, but perhaps not the most secure method. The following instructions would override the user-password directive to allow access from both WAN and LAN.

Create a file in the folder "/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf" named "92ProxyPassPassword" with the following contents:


{
# ProxyPass executes a module which relays requests to another server
# We use it to allow transparent access to the admin instance of the
# web server.
}

ProxyPass /e-smith-password http://127.0.0.1:980/user-password/

    order allow,deny
    allow from all


ProxyPass /user-password http://127.0.0.1:980/user-password/

    order allow,deny
    allow from all

[Bill Talcott]

http://www.e-smith.org/docs/howto/remote-mgr-access-howto.html also affects /user-password/, in addition to /server-manager/.