password change

This is a discussion on password change within the PHP Language forums, part of the PHP Programming Forums category; Hi, What is the best way to change passwords via php? I was first thinking of using the chpasswd function, ...

#1, 08-21-2004, Max
password change

Hi,

What is the best way to change passwords via php?

I was first thinking of using the chpasswd function, but even though I added
an entry for apache to be able to run chpasswd via visudo, I still get
the following error:

chpasswd: can't lock password file

I've also tried allowing apache to run passwd and get the following error:

Only root can do that.

I'm kind of just in the experimenting stage on a development server, so
security is not an issue yet. But what would be the most secure method, I've
read so many different opinions?

Thanks,
Max


#2, 08-21-2004, Chung Leong
Re: password change


"Max" <max@NOSPAMkipness.com> wrote in message
news:F2xVc.5815$FV3.4725@newssvr17.news.prodigy.com...
> Hi,
>
> What is the best way to change passwords via php?
>
> I was first thinking of using the chpasswd function, but even though I added
> an entry for apache to be able to run chpasswd via visudo, I still get
> the following error:
>
> chpasswd: can't lock password file
>
> I've also tried allowing apache to run passwd and get the following error:
>
> Only root can do that.
>
> I'm kind of just in the experimenting stage on a development server, so
> security is not an issue yet. But what would be the most secure method, I've
> read so many different opinions?
>
> Thanks,
> Max

suexec?


#3, 08-21-2004, Michael Austin
Re: password change

Max wrote:
> Hi,
>
> What is the best way to change passwords via php?
>
> I was first thinking of using the chpasswd function, but even though I added
> an entry for apache to be able to run chpasswd via visudo, I still get
> the following error:
>
> chpasswd: can't lock password file
>
> I've also tried allowing apache to run passwd and get the following error:
>
> Only root can do that.
>
> I'm kind of just in the experimenting stage on a development server, so
> security is not an issue yet. But what would be the most secure method, I've
> read so many different opinions?
>
> Thanks,
> Max


Only root can run passwd and change another user's password. You are trying to
run it from the account that owns the web server process (nobody?). That won't
work, as you have obviously discovered. If you NEED to do this, write the
username and password to a file and have a cron job owned by root check to
see if the file exists, say, every 5 minutes, and make the change. I would have 3
things in the file:

the authenticated username (HTTP_USER, I believe) and not one entered from a text box.
the new password
the new password repeated

I would also create the filenames using <some_unique_identifier>.pwchng and
process any file with that extension.

In your cron script, make sure that root CANNOT be changed using this method.
(if the username to be changed is root then exit)

This is off the top of my head, and one would need to understand what is driving the
request for this type of access and weigh the pros and cons before
implementing it.

Allowing your password file to be accessed from the web is a very dangerous
thing to consider. IMPO, unless you understand ALL of the ramifications of your
code, I would recommend you find another alternative.


--
Michael Austin.
Consultant - Not Available.
#4, 08-21-2004, Max
Re: password change

> > What is the best way to change passwords via php?
> >
> > I was first thinking of using the chpasswd function, but even though I added
> > an entry for apache to be able to run chpasswd via visudo, I still get
> > the following error:
> >
> > chpasswd: can't lock password file
> >
> > I've also tried allowing apache to run passwd and get the following error:
> >
> > Only root can do that.
> >
> > I'm kind of just in the experimenting stage on a development server, so
> > security is not an issue yet. But what would be the most secure method, I've
> > read so many different opinions?
>
> Only root can run passwd and change another user's password. You are trying to
> run it from the account that owns the web server process (nobody?). That won't
> work, as you have obviously discovered. If you NEED to do this, write the
> username and password to a file and have a cron job owned by root check to
> see if the file exists, say, every 5 minutes, and make the change. I would have 3
> things in the file:
>
> the authenticated username (HTTP_USER, I believe) and not one entered from a text box.
> the new password
> the new password repeated
>
> I would also create the filenames using <some_unique_identifier>.pwchng and
> process any file with that extension.
>
> In your cron script, make sure that root CANNOT be changed using this method.
> (if the username to be changed is root then exit)
>
> This is off the top of my head, and one would need to understand what is driving the
> request for this type of access and weigh the pros and cons before
> implementing it.


What is driving this is the need for a tech staff to be able to change
sendmail passwords via a web application. These are Microsoft people who
are not going to be able to/want to ssh to the server to change passwords.
Plus, the PHP technology is there and I want to use it. I have a very nice
application for managing Sendmail that is in the works and I'm just trying
to figure out the best approach for running the following commands:
chpasswd, adduser, usermod.

I've read about the 'writing to a file' approach and although it seems like
the most secure option, I don't like the fact that if someone in one of our
hosted domains changes a user's password, he has to wait 5 minutes. I'd like
it to be instantaneous. Any idea what the impact would be on resources to
run a cron job every 1 minute that runs a perl script that parses a file
looking for new users, changes to user data (usermod) and password changes?
Would it be minimal enough to consider as a viable option?

What I've done that has made it work is setuid on chpasswd (chmod 4755
/usr/sbin/chpasswd). If this is an internal app only (not accessible to the
internet) would this be a big concern? If this were accessible to the
internet, how might someone run chpasswd outside of the app? By trying to
pipe the command just from the browser address bar? The app would obviously
have authentication and be served via SSL.

Thanks,
Max
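
The root-side half of the queue-file design suggested in post #3 and discussed in post #4, written out as an added example that is not code from the thread or from any of its posters. It is the part a root-owned cron job would run: pick up every `*.pwchng` file, validate it (exactly three lines, a sane username, never root, confirmation matches), feed `user:password` to chpasswd on stdin so the password never appears in a process listing, and delete the file whether or not it was accepted. The queue directory `/var/spool/pwchng`, the three-line file format, the `RecordingRunner` stand-in, the uid 1000 cutoff and all sample requests are assumptions constructed for this example; the thread only names the `.pwchng` extension and `/usr/sbin/chpasswd`. The setuid-root chpasswd from post #4 is exactly what this design avoids: the web process gets no privilege at all, only the ability to drop a request file.

```python
"""Root-side processor for queued password-change requests (added example).

Assumed request file format (constructed for this example), one request per
<unique-id>.pwchng file written by the web application:

    <username>\n<new password>\n<new password again>\n
"""
import pwd
import re
import subprocess
from pathlib import Path

QUEUE_DIR = Path("/var/spool/pwchng")      # assumed location; root reads, web user writes
CHPASSWD = "/usr/sbin/chpasswd"            # path named in the thread
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")  # conservative account-name shape
FORBIDDEN_USERS = {"root"}                 # the thread's rule: the script must never touch root
MIN_PASSWORD_LEN = 8                       # assumed local policy


def parse_request(text):
    """Split a request into its three fields; anything else is rejected outright."""
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()                        # tolerate exactly one trailing newline
    if len(lines) != 3:
        raise ValueError("expected exactly 3 lines, got %d" % len(lines))
    return lines[0], lines[1], lines[2]


def validate_request(text, forbidden=FORBIDDEN_USERS, min_uid=None):
    """Return (user, password) for an acceptable request, else raise ValueError."""
    user, pw1, pw2 = parse_request(text)
    if not USERNAME_RE.match(user):
        raise ValueError("username has unexpected characters")
    if user in forbidden:
        raise ValueError("refusing to change a protected account")
    if pw1 != pw2:
        raise ValueError("password confirmation does not match")
    if len(pw1) < MIN_PASSWORD_LEN:
        raise ValueError("password too short")
    if min_uid is not None:
        # Optional extra fence (assumption): only ordinary accounts at or above min_uid.
        try:
            uid = pwd.getpwnam(user).pw_uid
        except KeyError:
            raise ValueError("no such account")
        if uid < min_uid:
            raise ValueError("refusing to change a system account")
    return user, pw1


def apply_change(user, password, runner=subprocess.run):
    """Hand 'user:password' to chpasswd on stdin; nothing secret goes into argv."""
    runner([CHPASSWD], input="%s:%s\n" % (user, password), text=True, check=True)


class RecordingRunner:
    """Stand-in for subprocess.run used for dry runs: records the call, executes nothing."""
    def __init__(self):
        self.calls = []

    def __call__(self, argv, input=None, **kwargs):
        self.calls.append((argv, input))


def process_requests(requests, runner=subprocess.run, **validate_kw):
    """requests: iterable of (name, text). Returns {name: 'changed' | 'rejected: <why>'}."""
    results = {}
    for name, text in requests:
        try:
            user, password = validate_request(text, **validate_kw)
            apply_change(user, password, runner)
            results[name] = "changed"
        except ValueError as exc:
            results[name] = "rejected: %s" % exc
    return results


def process_queue(queue_dir=QUEUE_DIR, runner=subprocess.run):
    """Cron entry point: handle every *.pwchng file once, then delete it either way."""
    found = [(p.name, p.read_text()) for p in sorted(queue_dir.glob("*.pwchng"))]
    results = process_requests(found, runner, min_uid=1000)
    for name in results:
        (queue_dir / name).unlink()        # never reprocess a request, accepted or not
    return results


if __name__ == "__main__":
    # Dry run over constructed requests; no real chpasswd is invoked.
    demo = RecordingRunner()
    sample = [
        ("a1.pwchng", "alice\ncorrect-horse-battery\ncorrect-horse-battery\n"),
        ("a2.pwchng", "root\nany-new-secret\nany-new-secret\n"),
        ("a3.pwchng", "bob\nsecret123\nsecret124\n"),
        ("a4.pwchng", "carol;id\nsomething-long\nsomething-long\n"),
    ]
    for name, outcome in process_requests(sample, demo).items():
        print(name, outcome)
    print("chpasswd would have been fed:", demo.calls)
```

Two details matter for this to be safer than a setuid chpasswd. The request files carry plaintext passwords, so the web application must create them non-world-readable in a directory that the web user can write but not list or read (a root-owned, sticky, group-writable spool is the usual shape); and the validation runs as root on data a less-privileged process wrote, so it trusts nothing about the content beyond the three-line shape. Running the job every minute, as post #4 asks, costs one directory listing per minute and is negligible; what is not negligible is the window during which a reviewed request sits on disk, which is why the file is removed immediately after a single pass.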

