Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Rick on August 07, 2002, 07:34:07 AM
-
Hey all,
I know the password thing has been addressed several times here. I have searched the threads and most of them point to the manual. I have read that section of the manual extensively and can find where to send users to change their password internally via the web. But I would like this function for external users as well. External users get the 403 access denied error. Is there a permission I have to change, or a template I have to modify to get this functionality? TIA
Rick
-
RTFM - Again Springs to mind !
Read the manual even more closely than "exstensivley" next time :-)
12.1.2. Changing User Passwords
Once they have an active account, your users can set their own passwords by accessing the user-password URL. They do this through their web browsers by visiting the URL www.yourdomain.xxx/user-password (where "www.yourdomain.xxx" is the web server name you entered into the server console). The staff at The Pagan Vegan would visit the URL www.tofu-dog.com/user-password.
To make the change, a user would enter his or her account name (the characters before "@"), the old password and the new password (to ensure accuracy, the screen asks for the new password twice). Note that changing the password for a user in the server manager overrides any previous password entered by your user. Therefore, when a user forgets his password, simply reset it in the server manager.
-
Speakeasy,
I do appreciate the quote from the manual. and I would have to say ReRead my post. I am aware of where they should go to access this ability, that is not the problem I am addressing in this post. The problem is stated that insiders (LAN) can change thier passwords in the web site, however, remote users (WAN) get a 403 error access denied. If I did not clearly state that I know what the URL is I apologize. I was asking if anyone knows why this is a problem and how to correct it so that REMOTE users can also change thier passwords.
TIA
-
By default, users cannot access the user* panels unless they are on the local net. This is for security purposes.
The secure way to do this is to have the remote user create a PPTP connection to the server. Once that is connected the user-panel will see them as a local user and allow access.
-jeff
-
Thanks Jeff, but talking my family through that would be a nightmare. You know how hard it is to get family to actually do what you say :) I found the file that controls this /etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/90e-smithAcess20password. it has these commands in it.
order deny,allow
deny from all
allow from { $localAccess }
SetEnv IMGHDR_SRC "/e-smith-common/user-password.jpg"
order deny,allow
deny from all
allow from { $localAccess }
SetEnv IMGHDR_SRC "/e-smith-common/user-password.jpg"
Being very new to linux what do I replace { $localAccess } with? { $All }? This server isnt really a security risk that I'm afraid of, its just a webserver for family junk and an webmail server for us to yak at each other through. Mostly a dabble tool for me to aquaint myself with linux and have some functionality. But I am open for an explanation of what could happen if I open this functionality up to the free world being as I don't know. Once again TIA
Rick
-
Hi,
I was thinking more along the lines of modifying /etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/90e-smithAcess20password to allow access from outside the local network AND ask for authentication like when you access the server manager ie. you have to type a valid username/password to access the page where you can change your password.
I've been playing around with it but haven't had any success so far, basically because I have no idea what the different entries in the files means :-)
If anybody has a conf-file like that I would really appreciate hearing from you...
Regards,
Thomas Kristensen
-
Thomas,
I know a custom template can be formed to do this and it will read the changes made from the custom template. I just have no answer as to what should replace the local access line. My original message posed this question but got no response. If I find out I will email the answer to you though.
Rick
-
Here's the easiest, but perhaps not the most secure method. The following instructions would override the user-password directive to allow access from both WAN and LAN.
Create a file in the folder "/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf" named "92ProxyPassPassword" with the following contents:
{
# ProxyPass executes a module which relays requests to another server
# We use it to allow transparent access to the admin instance of the
# web server.
}
ProxyPass /e-smith-password http://127.0.0.1:980/user-password/
order allow,deny
allow from all
ProxyPass /user-password http://127.0.0.1:980/user-password/
order allow,deny
allow from all
-
http://www.e-smith.org/docs/howto/remote-mgr-access-howto.html also affects /user-password/, in addition to /server-manager/.