Menu
▾
▴
Re: More secure 'passwd' module?
|
From: Scott M. <sco...@ya...> - 2002-06-04 10:26:10
|
Ah, OK. I have not tried that. I did see that 2 of the 3 CGIs (I think index.cgi and update_passwd.cgi) used some kind of lookup to control access. the save_passwd.cgi did not, however. The first one seems to have the access control build right in, while the second CGI did a lookup from a library routine. The third had no apparent lookup. I am hoping to make a really secure and restrictable set of modules available to helpdesk... --- Jamie Cameron <jca...@we...> wrote: > Scott MacKay wrote: > > > > Hiyas, > > Is there a more secure version of the password > > change module? I am workin on restricting it down > > (disallow you to change root password, only change > > password of unlocked users or those with a > specific > > '*expired*' keyword), and noticed that the > security > > checks are not too tight. Namely, save_passwd.cgi > > does not seem to do the same validation for > password > > change rights as the other modules. > > You can configure some of those access controls > already in the password change module, by going into > the Webmin Users module and clicking on 'Change > Passwords' > next to the name of a user. If there are any access > control restrictions that you would like that are > currently missing, tell me and it should be possible > to add them. > > - Jamie > > _______________________________________________________________ > > Don't miss the 2002 Sprint PCS Application > Developer's Conference > August 25-28 in Las Vegas -- > http://devcon.sprintpcs.com/adp/index.cfm > > - > Forwarded by the Webmin development list at > web...@we... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-devel __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com |
