A good web-based password changer?
Does such a thing exist? There are dozens, but none seems very good.
By good I mean:
Has been maintained more recently than 4 years ago.
Works via PAM (and just plain works)
Is not awful to install
Doesn't make you do weird stuff like running a SUID httpd (yes, I actually saw that once)
secure (audited?)
readable sources
runs as a non-privileged user.
Usually this would be a SUID root cgi-bin, which is somewhat scary, and it would seem to me unnecessary.
Since the user will provide the current password, it should be possible for a non-privileged process to first switch to the desired user and then change the password, right?
Maybe someone can tell me. Or do I have to write it? I mean, it's going to be a python CGI if I do, and noone's gonna like it ;-)
I believe Horde (horde.org) have a module that does password changing - it's done using an expect script calling passwd, so you don't need to worry about letting your web server have access /etc/passwd either.
It also covers things like .forwards and vacation messages.
Yes, it does. So does squirrelmail and a few other webmail packages.
However, installing HORDE to change passwords is not really what I would call simple ;-)
I'm looking more for a one-file thing, rather than a multimegabyte application server framework.