Koozali.org: home of the SME Server

Howto allow https://www/user-password from anywhere on net

zoi

Howto allow https://www/user-password from anywhere on net
« on: December 30, 2004, 03:54:55 PM »
New setup, SME works great in every way with a few minor exceptions, one of which is..

How do you allow anyone on the internet to change their password from the http://..../user-password screen?

Currently all anyone receives is a forbidden message.
I've tried everything I can imagine in the /server-manager menu area.

mophilly
Howto allow https://www/user-password from anywhere on net
« Reply #1 on: December 30, 2004, 05:17:34 PM »
As far as I know, only the administrator can change the user password. There may be a how-to or mod kit but I haven't needed this functionality and so haven't looked for one.
- Mark

NickR
Howto allow https://www/user-password from anywhere on net
« Reply #2 on: December 30, 2004, 07:35:34 PM »
It can be done, but you should give very serious consideration to the security implications of doing so.

If you are determined to do it, here's how:

In server manager, go to Security / Remote Access

In remote management, add the network 0.0.0.0 with a netmask of 0.0.0.0
--
Nick......

del
Re: Howto allow https://www/user-password from anywhere on n
« Reply #3 on: December 30, 2004, 11:32:02 PM »
Hi,
Quote from: "Mophilly"
As far as I know, only the administrator can change the user password. There may be a how-to or mod kit but I haven't needed this functionality and so haven't looked for one.

You need the user-manager contrib from dungog.net and then the user can change their own password from within the local network.
Regards,
del :pint:
If at first you don't succeed, then sky-diving is not for you!
"Life is like a coin. You can spend it anyway you wish, but you can only spend it once." --Author Unknown

shanen

Re: Howto allow https://www/user-password from anywhere on n
« Reply #4 on: December 30, 2004, 11:58:34 PM »
Quote from: "del"
Hi,
Quote from: "Mophilly"
As far as I know, only the administrator can change the user password. There may be a how-to or mod kit but I haven't needed this functionality and so haven't looked for one.

You need the user-manager contrib from dungog.net and then the user can change their own password from within the local network.
Regards,
del :pint:

Then set up PPTP for your remote users with strong passwords...

zoi

Howto allow https://www/user-password from anywhere on net
« Reply #5 on: December 31, 2004, 02:53:23 AM »
Thanks for your contributions everyone.

Setting up remote system access with 0.0.0.0 and subnet mask of 0.0.0.0 does not seem to work.

The theory of using pptp is not acceptable for my needs.

I want to simply force a secure session https://....../user-password but otherwise allow it from outside the local network.

I guess I'll work on it further.

I was hoping for some information on where to edit the user-password area manually within SME if the option was not available through the server-manager.

gregswallow
Howto allow https://www/user-password from anywhere on net
« Reply #6 on: December 31, 2004, 07:29:21 PM »
I think it would be best to integrate password changing into Webmail - there is an addon for IMP here: http://www.horde.org/passwd/

I'd warn you it doesn't seem to be compatible with SME 'out of the box', some modifications would be necessary, but I had no clue what they would be.  I had tried it and couldn't get it to work - but don't let that discourage you from trying :P  Just try it on a test server.

zoi

Howto allow https://www/user-password from anywhere on net
« Reply #7 on: January 01, 2005, 07:08:59 AM »
That looks like a goer, thanks for that.

I'll report back if I get it working.

kd4rdb

remote access has to be done with HTTPS
« Reply #8 on: January 03, 2005, 08:09:26 PM »
If you set the remote system access to 0.0.0.0 with a subnet mask of 0.0.0.0, your users will be able to change their passwords at https://yourdomain.com/user-manager. If they use HTTP:, they will get a "forbidden" page.

Wes
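Added example, not part of the original thread and not SME Server code: a small Python audit of network/netmask allow-list entries like the one NickR and kd4rdb describe, showing that 0.0.0.0 with netmask 0.0.0.0 admits every IPv4 client while a narrower entry does not. The function names and the sample entries are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges, used to tell local entries from everything else.
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample allow-list as (network, netmask) pairs.
# 203.0.113.0/24 is a documentation range standing in for a remote office.
SAMPLE = [
    ("0.0.0.0", "0.0.0.0"),
    ("192.168.1.0", "255.255.255.0"),
    ("203.0.113.0", "255.255.255.0"),
]


def to_network(network, netmask):
    # strict=True rejects entries with host bits set, e.g. 10.0.0.5/255.255.255.0
    return ipaddress.IPv4Network(f"{network}/{netmask}", strict=True)


def audit_allowlist(entries):
    """Return (cidr, address_count, verdict) for each allow-list entry."""
    findings = []
    for network, netmask in entries:
        net = to_network(network, netmask)
        if net.prefixlen == 0:
            verdict = "any-host"          # matches every IPv4 address
        elif any(net.subnet_of(r) for r in RFC1918):
            verdict = "rfc1918"           # private, local-style range
        else:
            verdict = "outside-rfc1918"   # reachable from beyond the LAN
        findings.append((str(net), net.num_addresses, verdict))
    return findings


def is_allowed(client_ip, entries):
    """True if client_ip falls inside any allow-list entry."""
    addr = ipaddress.IPv4Address(client_ip)
    return any(addr in to_network(n, m) for n, m in entries)


if __name__ == "__main__":
    for cidr, count, verdict in audit_allowlist(SAMPLE):
        print(f"{cidr:18} {count:>11} addresses  {verdict}")
```
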