2004-09-24 12:10

A good web-based password changer?

Does such a thing exist? There are dozens, but none seems very good.

By good I mean:

  • Has been maintained more recently than 4 years ago
  • Works via PAM (and just plain works)
  • Is not awful to install
  • Doesn't make you do weird stuff like running a SUID httpd (yes, I actually saw that once)
  • Secure (audited?)
  • Readable sources
  • Runs as a non-privileged user

Usually this would be a SUID root cgi-bin, which is somewhat scary, and it would seem to me unnecessary.

Since the user will provide the current password, it should be possible for a non-privileged process to first switch to the desired user and then change the password, right?

Maybe someone can tell me. Or do I have to write it? I mean, it's going to be a Python CGI if I do, and no one's gonna like it ;-)


