Does such a thing exist? There are dozens, but none seems very good.
By good I mean:
- Has been maintained more recently than 4 years ago.
- Works via PAM (and just plain works)
- Is not awful to install
- Doesn't make you do weird stuff like running a SUID httpd (yes, I actually saw that once)
- secure (audited?)
- readable sources
- runs as a non-privileged user.
Usually this would be a SUID root cgi-bin, which is somewhat scary, and it would seem to me unnecessary.
Since the user will provide the current password, it should be possible for a non-privileged process to first switch to the desired user and then change the password, right?
Maybe someone can tell me. Or do I have to write it? I mean, it's going to be a python CGI if I do, and noone's gonna like it ;-)