I have been contemplating setting up a method to allow my email users to change their password. I have set my system up so they all use the same account (popuser) but POP authentication is done with the /var/qmail/users/poppasswd file instead. I wrote a Perl script to behave much the same way the standard passwd command does, and could easily write other scripts that can manipulate this file.

The problem is, how do I handle allowing users to change passwords securely? I have thought of running a CGI script via web, but something about doing a setuid root CGI script scares me a little. Since none of the users have shell access, they can't use ssh or telnet (not even enabled on the server) to connect to the system.

A few ideas I have been kicking around is using some sort of spooler, where password change requests are put into a file, then into a directory- which would be called by some program either via cron or a daemon and process the requests. That way any CGI script would be able to submit a request. Another thought I had was via email- user sends email to something like chpasswd at slushpupie.com with their username, old password, and new password and all incoming mail to that account is handled via some program/script.

Does anyone have any other ideas? Any comments on the ideas I have?

Jay

--
Jay Kline
list at slushpupie.com
http://www.slushpupie.com

When you overesteem great hackers, more users become cretins. When you develop encryption, more users become crackers. The Guru leads by emptying user's minds and increasing their quotas, by weakening their ambition and toughening their resolve. When users lack knowledge and desire, management will not try to interfere. Practice not-looping, and everything will fall into place.
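
The spooler idea from the post above, sketched as an added example (not Jay's script and not part of the original message): the privileged side that cron or a daemon would run over each spooled request. The three-line request format (username, old password, new password), the `user:salt$hash` layout of the password file, the 8-character minimum and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, re, secrets, tempfile

USER_RE = re.compile(r"[a-z0-9_.-]{1,32}")  # no ':' or newline can reach the file

def hash_pw(password, salt=None):
    # Assumed storage format: salt$pbkdf2-sha256 hex digest.
    salt = salt or secrets.token_hex(8)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000)
    return f"{salt}${digest.hex()}"

def check_pw(password, stored):
    salt = stored.split("$", 1)[0]
    return hmac.compare_digest(hash_pw(password, salt).encode(), stored.encode())

def process_request(req_path, passwd_path):
    """Apply one spooled request; returns 'changed', 'denied' or 'malformed'."""
    try:
        # The spool is writable by the unprivileged CGI, so never follow symlinks.
        fd = os.open(req_path, os.O_RDONLY | os.O_NOFOLLOW)
        with os.fdopen(fd) as f:
            fields = f.read(1024).split("\n")
    except (OSError, ValueError):
        return "malformed"
    finally:
        os.unlink(req_path)  # the request holds cleartext passwords; never keep it
    # Assumed policy: new password must be at least 8 characters.
    if len(fields) < 3 or not USER_RE.fullmatch(fields[0]) or len(fields[2]) < 8:
        return "malformed"
    user, old, new = fields[:3]
    with open(passwd_path) as f:
        entries = dict(line.rstrip("\n").split(":", 1) for line in f if ":" in line)
    # Same answer for unknown user and wrong password, so the spool leaks no usernames.
    if user not in entries or not check_pw(old, entries[user]):
        return "denied"
    entries[user] = hash_pw(new)
    # Write a private (0600) temp file in the same directory, then rename atomically
    # so a POP login never reads a half-written password file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(passwd_path) or ".")
    with os.fdopen(fd, "w") as f:
        f.writelines(f"{u}:{h}\n" for u, h in entries.items())
    os.replace(tmp, passwd_path)
    return "changed"
```

With this split the CGI needs only write access to the spool directory and no setuid bit; the processor runs under whichever account owns the password file.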