Re: web-based password checking tool?

• Previous message: Andy Clements: "Re: cron not running job"
• Maybe in reply to: Fernando Gleiser: "web-based password checking tool?"
• Next in thread: Jon Krause: "Re: web-based password checking tool?"
• Reply: Jon Krause: "Re: web-based password checking tool?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 14 Dec 2004 13:44:41 -0500
To: freebsd-questions@freebsd.org

The solution I've seen people use in the past is Webmin
(http://www.webmin.com/), but I haven't heard great things about its
security. I would use it cautiously if you are looking for that
functionality. The problem I'd note is that in order to attain
convenience in the traditional sense, one must generally sacrifice
layers of security. In this case, allowing a web interface to change
users' authentication credentials provides risks (compromise,
information leakage, etc.) and rewards (enhanced usability for novice
users, added convenience).
- Hide quoted text -

On Tue, 14 Dec 2004 15:41:07 -0300 (ART), Fernando Gleiser
<fgleiser@cactus.fi.uba.ar> wrote:
> I have a FreeBSD box with more then 400 accounts. the users are
> non-technical, administrative kind of persons.
>
> The box is working as a mail server, with sendmail as MTA and cyrus IMAPd,
> authenticating against the system files (/etc/master.passwd) not using
> SASL.
>
> I need a web based tool to let the users change their passwords, since
> they don't have shell access, a web-based solution seems like the
> only way to let them do it without bothering the admins.

-- 
Best wishes,
Alexander G. Chamandy
Webmaster
www.bsdfreak.org
Your Source For BSD News!
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

• Previous message: Andy Clements: "Re: cron not running job"
• Maybe in reply to: Fernando Gleiser: "web-based password checking tool?"
• Next in thread: Jon Krause: "Re: web-based password checking tool?"
• Reply: Jon Krause: "Re: web-based password checking tool?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages [VulnWatch] Corsaire Security Advisory - Mitel 3300 ICP web interface DoS issue ... -- Corsaire Security Advisory -- ... Mitel 3300 ICP web interface DoS issue ... session, the Web Interface generates a unique session ID for each user ... Session IDs are generated after authentication and valid sessions are ... (VulnWatch) Re: Email Monitoring ... the second mail server would make a copy ... smart spam protection and 2 months FREE* ... prospectus based upon the core principle concepts of security. ... This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization ... (Security-Basics) [SLE] Xen and multiple copies of SuSE 10 - some thoughts ... I am behind a NAT box with port 25 forwarded. ... One of the ways you can improve security is to have a dedicated mail server ... I do have sufficient disk space where I can run 2 completely separate root ... (SuSE) Re: Whats the best / most popular open-source IMAP server these days? ... turnkey complete mail server solution (of which IMAP service is a ... I would have thought security and spam filtering concerns make ... very low standards for security and reliability. ... a turnkey solution is adopted, but I didn't think that could provide ... (comp.mail.imap) Re: Windows Server 2003 Firewall ... I like placing security as close as possible to the protected asset, ... You can use the Security Configuration Wizard to generate and apply a security template that would permit the necessary ports and services. ... Basically this is a dedicated mail server in a local network behind a hardware firewall. ... Is it worth the trouble to enable Windows firewall in my Exchange box? ... (microsoft.public.exchange.admin)