Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Mark on August 16, 2000, 06:40:22 PM

Title: e-smith-password access
Post by: Mark on August 16, 2000, 06:40:22 PM

I would like to permanently allow access to the /e-smith-password page to anyone
(so remote users can change their password)...which file would I have to edit to accomplish this?

Title: RE: e-smith-password access
Post by: Gordon Rowell on August 16, 2000, 06:49:03 PM

Mark wrote:

> I would like to permanently allow access to the
> /e-smith-password page to anyone (so remote users can change
> their password)...which file would I have to edit to accomplish
> this?

You may think this a glib answer, but please don't do this. The current
e-smith-password page does not use SSL encryption, so you will be
significantly reducing the security of your system.

A much better solution (with the current configuration) is to install SSH
and use SSH port forwarding to allow remote access to the e-smith
panels over an encrypted tunnel.

Gordon

Title: RE: e-smith-password access
Post by: Markus Räipiö on August 17, 2000, 06:56:30 PM

Gordon is absolutely right... DO NOT allow unsecured connections to your server ... IP-packets are so easy to capture when they run around free and not crypted ! Take my word or at least believe what Gordon is telling also about this thing.
Best wishes,
Markus