Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Jack Wolf on November 26, 2001, 02:47:37 AM

Title: Changing user passwords through IMP
Post by: Jack Wolf on November 26, 2001, 02:47:37 AM

I was searching for a way to allow users to change their passwords and I found a related article in the FAQ at http://www.horde.org/

 4.2.9 How can I let users change their password through IMP?
To enable password changes through IMP, set the following in horde/imp/config/defaults.php3:
   $default->change_password = 'poppassd.php3';
   $default->poppassd_server = $SERVER_NAME;
   $default->poppassd_port   = '0';

You will have to install a poppassd server on your IMAP server for the above to work. Note that that poppassd won't work out of the box unless you're using SunOS from 1993; you'll have to tell it what to expect from your passwd command at the top of poppassd.c.
If you're using a recent version of Linux that authenticates via PAM, Jacob Coreil observes that a modified and PAM-ready version of poppassd is also available.

You can also set

   $default->change_password

to the URL of a dedicated password-changing program at your site, or you can change
   $default->poppassd_server

to point to a central password server at your site which runs poppassd.

My question is, has anyone tried this successfully? And, if so, do you have a how-to for it?


Thank you,

Jack Wolf

Title: Re: Changing user passwords through IMP
Post by: JonB on November 26, 2001, 08:10:25 AM

Jack,

E-Smith allows users to change their own passwords "out of the box" using
 
http://my_domain/user-password

Title: Re: Changing user passwords through IMP
Post by: JonB on November 26, 2001, 08:14:12 AM

sorry, that should be

https://my_domain/user-password

Title: Re: Changing user passwords through IMP
Post by: Jack Wolf on November 26, 2001, 08:23:41 AM

I should have been more specific.  The majority of my email users are using webmail from outside the lan.  Opening up the /user-password to the outside world would also give access to /server-manager.  Some of the users will be accessing webmail from remote locations using dial-up so knowing the ip's would be impossible and allowing 0.0.0.0/0.0.0.0 access to my /server-manager just seems unsafe.  

Jack

Title: Re: Changing user passwords through IMP
Post by: Rob Shiras on January 03, 2003, 05:41:15 AM

I too want to allow users to access IMP as well as the server-manager even if they are on a dial-up from a remote location.  Is the login dialog secure enough to restrict access to users only?