Re: [webmin-devel] Anonymous Account Activation

[Bill M. <bm...@ud...>]

Hi, I have been working on a module to do as described below. I am using
the webmin passwd module method passwd::change_password to do the actual
password change. I think I found either a bug or something that could use
clarification. It seems that if you don't use the passwd::find_user method
to get the user hash that is an argument to change_password it behaves
unexpectedly.

For example, on our system if you try to change an ldap user's password it
will fail to check ldap-useradmin for the user and default to useradmin
(i.e. writing to /etc/shadow). I guess since it doesn't find the user it
silently over-writes the first row of /etc/shadow which is often root.
This happened in testing a few times and is obviously not good.

I think the reason is that find_user sets $user->{'mod'} whereas it looks
like other components use $user->{'module'} to set which module the user
is in. When I change that it works using user hashes from other functions.
I don't know if this is considered a bug, but you might want to give a
warning in the passwd module code so future module writers don't have all
kinds of errors in their /etc/shadow.

> On 23/Jan/2008 14:18 Bill Moyers wrote ..
>> Hello, we are looking to allow anonymous account activation for mailbox
>> users. In other words, creating a mailbox user would send mail to the
>> person's alternate address containing an activation url where they would
>> choose a password. This is to avoid having to send a placeholder
>> password
>> over email. I could not find an existing module to do this in
>> virtualmin.
>> Does anyone know if such a module exists?
>
> There is no module like this currently, but there is one that allows users
> to sign up for mailboxes (and pick passwords) without needing a Webmin
> login.
> See : http://www.webmin.com/cgi-bin/search_third.cgi?search=mailbox+signup
>
> Not exactly the same, but similar ..
>
>  - Jamie
>