From: Roddie H. <ro...@kr...> - 2004-05-01 17:33:02
|
OS: FreeBSD 4.9-STABLE Web Server: Apache 1.3.29 nobody/nobodya PHP 4.3.5 SquirrelMail 1.5.0 ./change_passwd directory below I'm trying to setup the Change Passwd plugin and am not having very good luck. I'm using FreeBSD, so I'm trying to use the pw feature. I've set: $pathToPw = '/usr/sbin/pw'; When I try to change a password, I get the following error: "An error has occurred while attempting to change your password. Please contact your system administrator." Turning "$seeOutput" and "$debug" on don't give me too much more information, either. Command output: Return code: pw: That's it. I've double checked paths and configuration, and everything seems fine. On a side note - When I turn OFF "$confirmOldPass", I get a message saying that my old password is wrong. Any tips would be appreciated. Regards, Roddie total 88 drwxr-xr-x 3 root wheel 512 Apr 30 13:08 ./ drwxr-xr-x 20 www www 512 Apr 29 22:12 ../ -rw-r--r-- 1 root wheel 15802 Apr 22 20:10 COPYING -rw-r--r-- 1 root wheel 2120 Apr 23 06:26 INSTALL -rw-r--r-- 1 root wheel 8771 Apr 26 07:49 README -rwsr-x--- 1 root nobody 17917 Apr 25 13:00 chpasswd* -rw-r--r-- 1 root wheel 7094 Apr 25 13:00 chpasswd.c -rw-r--r-- 1 root wheel 1476 Apr 30 12:29 config.php -rw-r--r-- 1 root wheel 1528 Apr 23 01:10 config.php.sample -rw-r--r-- 1 root wheel 610 Apr 26 03:13 exec_test.php -rw-r--r-- 1 root wheel 1285 Apr 25 12:33 functions.php -rwxr--r-- 1 root wheel 114 Apr 23 05:57 getpot* -rw-r--r-- 1 root wheel 486 Apr 9 2003 index.php drwxr-xr-x 3 root wheel 512 Apr 25 13:43 locale/ -rw-r--r-- 1 root wheel 10064 Apr 26 07:48 options.php -rw-r--r-- 1 root wheel 788 Apr 22 20:12 setup.php -rw-r--r-- 1 root wheel 18 Apr 22 20:12 version |
From: Roddie H. <ro...@kr...> - 2004-04-30 19:52:30
|
OS: FreeBSD 4.9-STABLE Web Server: Apache 1.3.29 nobody/nobodya PHP 4.3.5 SquirrelMail 1.5.0 ./change_passwd directory below I'm trying to setup the Change Passwd plugin and am not having very good luck. I'm using FreeBSD, so I'm trying to use the pw feature. I've set: $pathToPw = '/usr/sbin/pw'; When I try to change a password, I get the following error: "An error has occurred while attempting to change your password. Please contact your system administrator." Turning "$seeOutput" and "$debug" on don't give me too much more information, either. Command output: Return code: pw: That's it. I've double checked paths and configuration, and everything seems fine. On a side note - When I turn OFF "$confirmOldPass", I get a message saying that my old password is wrong. Any tips would be appreciated. Regards, Roddie total 88 drwxr-xr-x 3 root wheel 512 Apr 30 13:08 ./ drwxr-xr-x 20 www www 512 Apr 29 22:12 ../ -rw-r--r-- 1 root wheel 15802 Apr 22 20:10 COPYING -rw-r--r-- 1 root wheel 2120 Apr 23 06:26 INSTALL -rw-r--r-- 1 root wheel 8771 Apr 26 07:49 README -rwsr-x--- 1 root nobody 17917 Apr 25 13:00 chpasswd* -rw-r--r-- 1 root wheel 7094 Apr 25 13:00 chpasswd.c -rw-r--r-- 1 root wheel 1476 Apr 30 12:29 config.php -rw-r--r-- 1 root wheel 1528 Apr 23 01:10 config.php.sample -rw-r--r-- 1 root wheel 610 Apr 26 03:13 exec_test.php -rw-r--r-- 1 root wheel 1285 Apr 25 12:33 functions.php -rwxr--r-- 1 root wheel 114 Apr 23 05:57 getpot* -rw-r--r-- 1 root wheel 486 Apr 9 2003 index.php drwxr-xr-x 3 root wheel 512 Apr 25 13:43 locale/ -rw-r--r-- 1 root wheel 10064 Apr 26 07:48 options.php -rw-r--r-- 1 root wheel 788 Apr 22 20:12 setup.php -rw-r--r-- 1 root wheel 18 Apr 22 20:12 version |
From: Tomas K. <to...@us...> - 2004-05-02 10:12:11
|
> OS: FreeBSD 4.9-STABLE > Web Server: Apache 1.3.29 nobody/nobodya > PHP 4.3.5 > SquirrelMail 1.5.0 http://www.freebsd.org/cgi/url.cgi?ports/mail/poppassd/pkg-descr FreeBSD includes poppassd in ports. Have you tried change_pass plugin? http://www.squirrelmail.org/plugin_view.php?id=21 -- Tomas |
From: p d. t. <pdo...@an...> - 2004-05-03 22:47:42
|
> OS: FreeBSD 4.9-STABLE > Web Server: Apache 1.3.29 nobody/nobodya > PHP 4.3.5 > SquirrelMail 1.5.0 > ./change_passwd directory below > > I'm trying to setup the Change Passwd plugin and am not having very good > luck. I'm using FreeBSD, so I'm trying to use the pw feature. I've set: > > $pathToPw = '/usr/sbin/pw'; > > When I try to change a password, I get the following error: > > "An error has occurred while attempting to change your password. Please > contact your system administrator." > > Turning "$seeOutput" and "$debug" on don't give me too much more > information, either. > > Command output: > Return code: pw: > > That's it. I've double checked paths and configuration, and everything > seems fine. Looks like pw is the culprit -- it's not giving us anything useful, is it? Try doing $debug=1 and running it on the command line. Make sure that pw actually works before trying to use it through the plugin. Also note that having pw lying around with execute permissions for the web server is a security risk, since pw does not require the old password... > On a side note - When I turn OFF "$confirmOldPass", I get a message saying > that my old password is wrong. Thanks; that was a bug. If you want to fix, find this line in options.php (maybe around line 140): if ($currentPassword != $old_pw) Change to this: if ($confirmOldPass && $currentPassword != $old_pw) - Paul |
From: Roddie H. <ro...@kr...> - 2004-05-07 00:23:11
|
Hi Paul, > Looks like pw is the culprit -- it's not giving us anything useful, is > it? Try doing $debug=1 and running it on the command line. Make sure > that pw actually works before trying to use it through the plugin. Also > note that having pw lying around with execute permissions for the web > server is a security risk, since pw does not require the old password... Not sure what all to run on the command line - I did try pw manually with a "pw usermod <username> -h 0" and it prompted for the new password and then exits with the new password in effect. Unfortunately, chpasswd doesn't work for me, and I'm unable to compile it (haven't messed with it much, though) - Someone else suggested a similar plugin, but I like that I have an option to use a built-in FreeBSD tool. > Thanks; that was a bug. If you want to fix, find this line in > options.php (maybe around line 140): > > if ($currentPassword != $old_pw) > > Change to this: > > if ($confirmOldPass && $currentPassword != $old_pw) Done, thanks! Thanks for any tips! Roddie |
From: p d. t. <pdo...@an...> - 2004-05-07 00:48:29
|
>>Looks like pw is the culprit -- it's not giving us anything useful, is >>it? Try doing $debug=1 and running it on the command line. Make sure >>that pw actually works before trying to use it through the plugin. Also >>note that having pw lying around with execute permissions for the web >>server is a security risk, since pw does not require the old password... > > Not sure what all to run on the command line - I did try pw manually with Whatever it tells you when you set $debug = 1; Doesn't it give you the directory and the pw command? > a "pw usermod <username> -h 0" and it prompted for the new password and > then exits with the new password in effect. > > Unfortunately, chpasswd doesn't work for me, and I'm unable to compile it > (haven't messed with it much, though) - Someone else suggested a similar > plugin, but I like that I have an option to use a built-in FreeBSD tool. Again, note that the web server needs access to that tool (which might be your problem), and giving access to the web server to a tool that doesn't require the old password first is something of a security hole. The other option might actually be smarter. - paul |
From: Roddie H. <ro...@kr...> - 2004-05-07 01:13:25
|
Hi Paul, Thanks for your reply! > Whatever it tells you when you set $debug = 1; > Doesn't it give you the directory and the pw command? Nope, only what was in my original message: Command output: Return code: pw: That's everything that I get with debug and seeOutput both turned on - Not much. :-( > > Unfortunately, chpasswd doesn't work for me, and I'm unable to compile it > > (haven't messed with it much, though) - Someone else suggested a similar > > plugin, but I like that I have an option to use a built-in FreeBSD tool. > > Again, note that the web server needs access to that tool (which might > be your problem), and giving access to the web server to a tool that > doesn't require the old password first is something of a security hole. > The other option might actually be smarter. True - I'm at the point right now though where I want to know why this doesn't work. :-D popasswd doesn't seem any more secure, though. My problem with chpasswd is that it doesn't run (ELF error), and I haven't bothered trying to figure out why it won't compile. Roddie |
From: p d. t. <pdo...@an...> - 2004-05-07 02:29:48
|
>>Whatever it tells you when you set $debug = 1; >>Doesn't it give you the directory and the pw command? > > Nope, only what was in my original message: > > Command output: > Return code: pw: > > That's everything that I get with debug and seeOutput both turned on - Not > much. :-( $debug, not $seeOutput please read README file/TROUBLESHOOTING section - paul >>>Unfortunately, chpasswd doesn't work for me, and I'm unable to compile it >>>(haven't messed with it much, though) - Someone else suggested a similar >>>plugin, but I like that I have an option to use a built-in FreeBSD tool. >> >>Again, note that the web server needs access to that tool (which might >>be your problem), and giving access to the web server to a tool that >>doesn't require the old password first is something of a security hole. >> The other option might actually be smarter. > > > True - I'm at the point right now though where I want to know why this > doesn't work. :-D popasswd doesn't seem any more secure, though. My > problem with chpasswd is that it doesn't run (ELF error), and I haven't > bothered trying to figure out why it won't compile. |
From: Roddie H. <ro...@kr...> - 2004-05-07 02:48:39
|
> >>Whatever it tells you when you set $debug = 1; > >>Doesn't it give you the directory and the pw command? > > > > Nope, only what was in my original message: > > > > Command output: > > Return code: pw: > > > > That's everything that I get with debug and seeOutput both turned on - Not > > much. :-( > > $debug, not $seeOutput See above (and original email) - I've tried with both of these turned on as well as individually. It seems to be ignoring the $debug setting when pw is used. Actually, looking at the code (I am not a programmer in any way, so forgive my amateur analysis), it looks like the $debug check only exists in the chpasswd loop, not the pw loop. Nevertheless, I have tried with $debug and have gotten no output. > please read README file/TROUBLESHOOTING section Did that a few times before emailing the list. :-) Regards, Roddie |
From: p d. t. <pdo...@an...> - 2004-05-07 03:38:46
|
>>>>Whatever it tells you when you set $debug = 1; >>>>Doesn't it give you the directory and the pw command? >>> >>>Nope, only what was in my original message: >>> >>>Command output: >>>Return code: pw: >>> >>>That's everything that I get with debug and seeOutput both turned on - Not >>>much. :-( >> >>$debug, not $seeOutput > > > See above (and original email) - I've tried with both of these turned on > as well as individually. It seems to be ignoring the $debug setting when > pw is used. Actually, looking at the code (I am not a programmer in any > way, so forgive my amateur analysis), it looks like the $debug check only > exists in the chpasswd loop, not the pw loop. > > Nevertheless, I have tried with $debug and have gotten no output. /me slaps self on forehead sorry, i sometimes blaze through emails faster than i should. you are entirely correct. pw is called by opening a pipe thru php, so debugging is a bit different. the only things I can think of are: - turn on PHP errors or use the new Debugger plugin to see if PHP is trying to tell you about any problems - contact Rickard Lind, the person who added this functionality to the plugin (address in README file) otherwise, I don't really have any means of helping you (and still think that Tomas is right - the other plugin is probably better anyway) >>please read README file/TROUBLESHOOTING section > > Did that a few times before emailing the list. :-) and you certainly deserve all the thanks in the world for that! - paul |
From: Tomas K. <to...@us...> - 2004-05-07 13:00:38
|
> :-D popasswd doesn't seem any more secure, though. My > problem with chpasswd is that it doesn't run (ELF error), and I haven't > bothered trying to figure out why it won't compile. if you use xinetd instead of inetd, you can bind poppassd only on localhost. If you prefer inetd - you can always rely of firewall. poppassd is universal way of changing passwords. You can provide cgi page that allows changing password, you can use it in squirrelmail, users can use Eudora and other programs that support poppassd. |
From: Benny P. <me...@ju...> - 2004-05-07 16:37:02
|
<citat hvem=3D"Tomas Kuliavas"> >> :-D popasswd doesn't seem any more secure, though. My >> problem with chpasswd is that it doesn't run (ELF error), and I haven'= t >> bothered trying to figure out why it won't compile. > if you use xinetd instead of inetd, you can bind poppassd only on local= host. this is not true, xinetd can bind to all ips, man xinetd > If you prefer inetd - you can always rely of firewall. :) > poppassd is universal way of changing passwords. You can provide cgi pa= ge > that allows changing password, you can use it in squirrelmail, users ca= n > use Eudora and other programs that support poppassd. and microsoft created hotmail :-) |
From: Jonathan A. <jo...@sq...> - 2004-05-07 17:18:16
|
Hello Benny, On Friday, May 07, 2004, Benny Pedersen wrote... >>> :-D popasswd doesn't seem any more secure, though. My problem with >>> chpasswd is that it doesn't run (ELF error), and I haven't >>> bothered trying to figure out why it won't compile. >> if you use xinetd instead of inetd, you can bind poppassd only on >> localhost. > this is not true, xinetd can bind to all ips, man xinetd He said "can" bind poppassd to localhost... This would be a security step, as surely you wouldn't want to make it listen to all addresses unless you're running from a remote location. xinetd and inetd both support limiting connections to a specific address. -- Jonathan Angliss (jo...@sq...) Posting Hints: http://article.gmane.org/gmane.mail.squirrelmail.user/16718 |
From: Tomas K. <to...@us...> - 2004-05-07 17:35:41
|
> <citat hvem="Tomas Kuliavas"> > >>> :-D popasswd doesn't seem any more secure, though. My >>> problem with chpasswd is that it doesn't run (ELF error), and I haven't >>> bothered trying to figure out why it won't compile. >> if you use xinetd instead of inetd, you can bind poppassd only on >> localhost. > > this is not true, xinetd can bind to all ips, man xinetd Yes, it is true. with xinetd you can bind to localhost only. I haven't said you can't bind to all interfaces with xinetd. I've said that you can bind service to 127.0.0.1 address only. |
From: Ricardo S. <st...@ri...> - 2004-05-07 17:43:33
|
There's a bug with retrieveuserdata v0.9 in the ldap.php file... Line 32 reads: require_once('../config/config.php'); This makes several plugins to fail (sqspell, weather...). Either putting in the full path, or changing as below seem to do the trick... require_once(SM_PATH . 'config/config.php'); My .02... |