On Mon, Apr 12, 2010 at 22:57, Andrew Berg <bahamutzero8825 at gmail.com> wrote:
> I need a simple web interface to let users change their passwords. I
> don't want them to have shell access since they wouldn't know how to use
> it (and it limits what an attacker can do if the account is
> compromised). Usermin doesn't always work right, and it seems to screw
> up passwords, making it impossible for users to log in via FTP (and
> probably other services like HTTP). I want it to be a simple interface
> to passwd (Usermin uses MD5 hashes for some reason and passwd uses
> SHA-512). I have Apache already set up (and users are authenticated
> using their system account credentials; no anonymous users are allowed),
> so it doesn't need its own webserver capabilities.
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>

I wouldn't be using any application that has a critical or
mission-sensitive role with MD5 hashes. My minimum would be SHA512 or
BLOWFISH. For Blowfish a kernel re-compile would be required.

If I'm understanding this correctly, all your users are or have the
ability to SSH to the box but have no shell. Is this some kind of storage
mechanism for users? If it is, only allow scp of all users and set
/etc/passwd to /bin/false.

If you do this, then on the other end, since Apache is already in place,
you can use the certs for your site to generate HTTPS HTML pages for each
user. With that page they can tell what is in their "space", and it allows
them to download the files that were scp'd originally by just
right-clicking on them and saving. The same thing can happen for FTP, but
HTTPS is more secure. If they want to replace their files, they can scp
the new one up.

As far as password resets, the places I worked had to call the help desk,
and they would reset it for the user and bill the ticket to the
appropriate department. We had like 10-12 different applications,
mainframes and email to handle for these items.

VP

--
If there is a question to the validity of this email please phone for
validation.
Proudly presented by Mutt, GNUPG, Vi/m and GNU/Linux via CopyLeft.
GNU/Linux is about Freedom to compute as you want and need to, and share
your work unencumbered and have others do the same with you.
Key : 0xD53A8E1
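
Added example, not part of either message: a Python check over passwd(5) and shadow(5) entries that flags accounts whose password hash scheme is below the minimum named in the reply (SHA-512 or Blowfish/bcrypt) or whose shell is not a no-login shell such as /bin/false. The ACCEPTED and NO_LOGIN sets and the sample entries are assumptions constructed for illustration.

```python
import re

# crypt(3) scheme identifiers as they appear in the shadow password field.
SCHEMES = {"1": "md5", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256", "6": "sha512", "y": "yescrypt"}
ACCEPTED = {"sha512", "bcrypt"}  # assumption: the minimum named in the reply
NO_LOGIN = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def scheme_of(field):
    """Classify one shadow password field by its $id$ prefix."""
    if not field:
        return "empty"
    if field[0] in "!*":
        return "locked"
    m = re.match(r"\$([0-9a-z]+)\$", field)
    if m:
        return SCHEMES.get(m.group(1), "unknown")
    return "des" if len(field) == 13 else "unknown"

def audit(passwd_text, shadow_text):
    """Return {user: [findings]} for accounts that fail either check."""
    rows = (line.split(":") for line in passwd_text.splitlines())
    shells = {r[0]: r[6] for r in rows if len(r) == 7}
    report = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2:
            continue
        user, scheme = parts[0], scheme_of(parts[1])
        findings = []
        if scheme not in ACCEPTED and scheme != "locked":
            findings.append("hash scheme: " + scheme)
        if shells.get(user) not in NO_LOGIN:
            findings.append("login shell: " + str(shells.get(user)))
        if findings:
            report[user] = findings
    return report

# Constructed sample data; salts and hashes are placeholders, not real digests.
PASSWD = """\
alice:x:1001:1001::/home/alice:/bin/false
bob:x:1002:1002::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:/bin/false
"""
SHADOW = """\
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14711:0:99999:7:::
bob:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14711:0:99999:7:::
carol:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14711:0:99999:7:::
"""
```

Calling audit(PASSWD, SHADOW) on the sample reports bob for his login shell and carol for her MD5 hash; on a real host the two inputs would be the contents of /etc/passwd and /etc/shadow, read as root.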