webadmin-list — Webmin users mailing list

Re: [webmin-l] monitor a driectory for file change

[Pat E. <mai...@pa...>]

great.. (es ever ;) )

PAT

On Fri, 27 Oct 2006 17:51:41 +0200, Jamie Cameron <jca...@we...> =
 =

wrote:

> On 27/Oct/2006 06:40 Pat Erler wrote ..
>> hi,
>>
>> maybe i'm missing something here, but i can't find a way to check a
>> directory for changes with the "system and server status module". wit=
h
>> changes i mean adding or removal of files in a directory (or ideally,=
  =

>> only
>> adding of files).
>>
>> is there a way to do this?
>
> Currently, no ... but I will try to include a new monitor type for thi=
s
> in the next Webmin release.
>
>  - Jamie
>
>
> ----------------------------------------------------------------------=
---
> Using Tomcat but need to do more? Need to support web services, securi=
ty?
> Get stuff done quickly with pre-integrated technology to make your job=
  =

> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  =

> Geronimo
> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&da=
t=3D121642
> -
> Forwarded by the Webmin mailing list at  =

> web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list

Re: [webmin-l] monitor a driectory for file change

[Jamie C. <jca...@we...>]

On 27/Oct/2006 06:40 Pat Erler wrote ..
> hi,
> 
> maybe i'm missing something here, but i can't find a way to check a  
> directory for changes with the "system and server status module". with
> changes i mean adding or removal of files in a directory (or ideally, only
> adding of files).
> 
> is there a way to do this?

Currently, no ... but I will try to include a new monitor type for this
in the next Webmin release.

 - Jamie

[webmin-l] monitor a driectory for file change

[Pat E. <mai...@pa...>]

hi,

maybe i'm missing something here, but i can't find a way to check a  
directory for changes with the "system and server status module". with  
changes i mean adding or removal of files in a directory (or ideally, only  
adding of files).

is there a way to do this?

PAT

Re: [webmin-l] Usermin Protected DIrectories

[Jamie C. <jca...@we...>]

On 26/Oct/2006 16:37 Grant Peel wrote ..
<blockquote type=3D"cite">

<div><font size=3D"2" face=3D"Arial">Hi all,</font></div>
<div><font size=3D"2" face=3D"Arial"></font>=A0</div>
<div><font size=3D"2" face=3D"Arial">I came accross a strange one today...</font></div>
<div><font size=3D"2" face=3D"Arial"></font>=A0</div>
<div><font size=3D"2" face=3D"Arial">While using the &quot;Protected Web Directories&quot; module 
in Usermin 1.230 (Webmin Version 1.300), apache-2.2.0</font></div>
<div><font size=3D"2" face=3D"Arial"></font>=A0</div>
<div><font size=3D"2" face=3D"Arial">Findong the web dir through the panel went OK, 
adding the .htacces + .htpasswd files went OK, but I could not log in using the 
passwd I specified in the setup.</font></div>
<div><font size=3D"2" face=3D"Arial"></font>=A0</div>
<div><font size=3D"2" face=3D"Arial">Upon further investigation, I noticed when I read 
the .htaccess file, an extra line:</font></div>
<div><font size=3D"2" face=3D"Arial"></font>=A0</div>
<div><font size=3D"2" face=3D"Arial">&quot;require user&quot; showed up</font></div>
<div><font size=3D"2" face=3D"Arial"></font>=A0</div>
<div><font size=3D"2" face=3D"Arial">when I remove it, all works well.</font></div>
<div><font size=3D"2" face=3D"Arial"></font>=A0</div>
<div><font size=3D"2" face=3D"Arial">Can I, Should I remove this from some template file 
somewhere?</font></div>
<div><font size=3D"2" face=3D"Arial"></font>=A0</div>
<div><font size=3D"2" face=3D"Arial">-doesn't work-</font></div>
<div><font size=3D"2" face=3D"Arial">AuthUserFile 
&quot;/home/domain.com/www/dir-to-protect/.htpasswd&quot;<br />AuthType Basic<br />AuthName 
&quot;Me Only&quot;<br />require user<br />require myrealusernamehere</font></div>
<div><font size=3D"2" face=3D"Arial"></font>=A0</div>
<div>
<div><font size=3D"2" face=3D"Arial">-does work-</font></div>
<div><font size=3D"2" face=3D"Arial">AuthUserFile 
&quot;/home/domain.com/www/dir-to-protect/.htpasswd&quot;<br />AuthType Basic<br />AuthName 
&quot;Me Only&quot;<br />require myrealusernamehere</font></div></div></blockquote>This is actually a bug in Usermin .. when you select to only allow certain users, it should<br />be adding a line like :<br /><br />require user myrealusernamehere someotheruser<br /><br />I'll fix it in the next release..<br /><br />=A0- Jamie<br /><br />

[webmin-l] Usermin Protected DIrectories

[Grant P. <gp...@th...>]

Hi all,

I came accross a strange one today...

While using the "Protected Web Directories" module in Usermin 1.230 =
(Webmin Version 1.300), apache-2.2.0

Findong the web dir through the panel went OK, adding the .htacces + =
.htpasswd files went OK, but I could not log in using the passwd I =
specified in the setup.

Upon further investigation, I noticed when I read the .htaccess file, an =
extra line:

"require user" showed up

when I remove it, all works well.

Can I, Should I remove this from some template file somewhere?

-doesn't work-
AuthUserFile "/home/domain.com/www/dir-to-protect/.htpasswd"
AuthType Basic
AuthName "Me Only"
require user
require myrealusernamehere

-does work-
AuthUserFile "/home/domain.com/www/dir-to-protect/.htpasswd"
AuthType Basic
AuthName "Me Only"
require myrealusernamehere

Re: [webmin-l] [1.300] Error when "Updating users"

[Jamie C. <jca...@we...>]

On 25/Oct/2006 02:24 Joaquim Homrighausen wrote ..
> 
> If I make a change that triggers VM to ask me to re-check the configuration,
> I also sometimes get:
> 
> ".. your system is ready for use by Virtualmin.
> 
> Some of the module configuration settings that effect which modules Webmin
> users have access to have changed. Click the button below to update all
> users with the new permissions.
> 
> [Update Webmin Users]"
> 
> 
> So I click on the button and get this:
> 
> "Updating all Webmin users with new settings..
> .. done
> 
> HTTP/1.0 500 Perl execution failed Server: MiniServ/0.01 Date: Wed, 25
> Oct 2006 09:23:04 GMT Content-type: text/html Connection: close
> 
> Error - Perl execution failed
> 
> Undefined subroutine &main::modify_all_resellers called at /usr/libexec/webmin/virtual-server/all_webmin.cgi
> line 11."

That's a bug .. although fortunately a relatively harmless one, as the users still get updated.

 - Jamie

Re: [webmin-l] [1.300] Virtualmin; putting it all together

[Jamie C. <jca...@we...>]

On 25/Oct/2006 02:15 Joaquim Homrighausen wrote ..
> 
> "Failed to create group"; or something very close to it. I tried it every
> possible way I can think of (parameters, username settings, etc).

This can be caused by the (annoying) nscd daemon. Turn it off now and at
boot time in the Bootup and Shutdown module.

> I got Awstats worksing, although it'd be nice with seamless integration
> when I create a virtual site, so that VM sets up statistics using Awstats,
> instead of allowing for the webalizer option(s).

This will already happen, if you select the AWstats feature when adding
a domain.

> Webmin, and VM, knows where Apache is, but it was complaining about not
> knowing where the htdigest application was; which in most Apache configurations
> is in the same place as apachectl and what not.  When creating a protected
> directory, it allowed the use of crypt-style passwords, and I couldn't
> find anywhere to turn that off (I want only MD5 or "better").

That isn't yet possible .. but is a good idea.

 - Jamie

> 
> 
> -joho
> 
> 
> 
> -------------------------
> Ursprungligt Meddelande:
> Fr=E5n: Jamie Cameron <jca...@we...>
> Till: Webmin users list <web...@li...>
> Kopia: 
> Datum: onsdag, 25 oktober 2006 06:49
> =C4rende: Re: [webmin-l] [1.300] Virtualmin; putting it all together
> On 24/Oct/2006 06:22 Joaquim Homrighausen wrote ..
> > 
> > When I use Virtualmin, I get an error if I enable the checkbox with "Create
> > Unix User"; if I clear it, no error occurs. It insists on creating a
> group
> > called "test4" (when I tell it to create a new virtual server for "test4.domain.com";
> > I have tried every single setting I can think of to no avail. Also, when
> > it fails, and I click on "Return" (or back, or whatever it says, the
> actual
> > link), I get an error about "Not found.." something or other.
> 
> What actual error do you get when you enable that checkbox?
> 
> > Anyway, I want to use awstats instead of webalizer for stats; I've installed
> > the awstats module for webmin/virtualmin; how do I get it to appear for
> > the virtualmin login?
> 
> You need to click on the Plugin Modules icon in Virtualmin, and select
> the
> AWstats module. It then appears as an option when adding a new domain.
>  
> > Does usermin have anything at all to do with virtual servers/virtualmin?
> 
> It is mainly used just as a mail client..
> 
> > I'd like to see better support for Apache 1.3.x configurations/installations
> > built from source. In 99% of the cases on servers I've seen, Apache 1.3.x
> > built from source is installed under /usr/local/apache, and from there
> > you have logs, conf, cgi-bin, icons, etc.
> 
> You can adjust the paths the Apache module uses, by clicking on the Module
> Config link.
> 
> 
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=3D121642
> -
> Forwarded by the Webmin mailing list at web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list

Re: [webmin-l] [1.300] Virtualmin and Apache+mod_ssl

[Jamie C. <jca...@we...>]

Ok, that IfDefine is probably the problem. Go to Webmin's Apache module, click
on Edit Defined Parameters, and enter SSL into the textbox. 

 - Jamie

On 25/Oct/2006 02:07 Joaquim Homrighausen wrote ..
> 
> Missed that one. When I fix that, I get this instead:
> 
> "Apache is installed.
> 
> The Apache configuration on your system does not appear to be listening
> on port 443, which is needed to host SSL websites. If you do not plan to
> host SSL sites, this feature should be disabled in Virtualmin's module
> configuration page."
> 
> Yet, in my httpd.conf, the following is listed as usual:
> 
> <IfDefine SSL>
> Listen 80
> Listen 443
> </IfDefine>
> 
> I can start the web server fine, and go to its default url:443 or HTTPS.
> 
> 
> -joho
> 
> 
> 
> -------------------------
> Ursprungligt Meddelande:
> Fr=E5n: Jamie Cameron <jca...@we...>
> Till: Webmin users list <web...@li...>
> Datum: onsdag, 25 oktober 2006 03:13
> =C4rende: Re: [webmin-l] [1.300] Virtualmin and Apache+mod_ssl
> On 24/Oct/2006 04:34 Joaquim Homrighausen wrote ..
> 
> > Virtualmin told me it doesn't look like I have mod_ssl installed, and
> therefore
> > it did not want to accept my configuration  until disabled support for
> > SSL Apache sites. But I *do* have mod_ssl installed; the only "problem"
> > is that I always build Apache and mod_ssl from source.. ?
> > 
> > The Apache module configuration in Webmin works fine...
> 
> Is it selected in the Apache module on the Re-Configure Known Modules page?
> That is what Virtualmin looks for..
> 
> 
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=3D121642
> -
> Forwarded by the Webmin mailing list at web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list

Re: [webmin-l] Preview Virtualmin Website

[Bob G. <Bo...@we...>]

 > Is there a way to preview a website that has been created via
virtualmin before the site actually goes live? =20
>  I would like to preview the site before I change the DNS info to make
sure everything looks OK.

=20

Why don't you just use a hosts file on your local machine, to override
the DNS for you!

=20

=20

[webmin-l] Preview Virtualmin Website

[Scott M. <srm...@in...>]

Is there a way to preview a website that has been created via virtualmin
before the site actually goes live?  For instance, I will be moving all =
my
websites from another server using another control panel to
webmin/virtualmin.  I would like to preview the site before I change the =
DNS
info to make sure everything looks OK.

=20

Thanks,

Scott

[webmin-l] [1.300] Error when "Updating users"

[Joaquim H. <jo...@we...>]

If I make a change that triggers VM to ask me to re-check the configuration, I also sometimes get:

".. your system is ready for use by Virtualmin.

Some of the module configuration settings that effect which modules Webmin users have access to have changed. Click the button below to update all users with the new permissions.

[Update Webmin Users]"


So I click on the button and get this:

"Updating all Webmin users with new settings..
.. done

HTTP/1.0 500 Perl execution failed Server: MiniServ/0.01 Date: Wed, 25 Oct 2006 09:23:04 GMT Content-type: text/html Connection: close

Error - Perl execution failed

Undefined subroutine &main::modify_all_resellers called at /usr/libexec/webmin/virtual-server/all_webmin.cgi line 11."



-joho

Re: [webmin-l] [1.300] vsftpd module for virtualmin under SuSE 10.1

[Joaquim H. <jo...@we...>]

/* re-send, I forgot (again) to use the proper sender address ;) */


>From the man pages for vsftpd under SuSE 10.1:

OPTIONS
     An optional [configuration file] may be given on the command line.  Th=
e
     default configuration file is /etc/vsftpd.conf.


I just tried running "vsftpd someblablafile.conf" and get

500 OOPS: vsftpd: cannot open config file: someblablafile.conf

so it seems it works just fine for SuSE 10.1 at least.


-joho


-------------------------
Ursprungligt Meddelande:
Fr=E5n: Jamie Cameron <jca...@we...>
Till: Webmin users list <web...@li...>
Datum: onsdag, 25 oktober 2006 06:46
=C4rende: Re: [webmin-l] [1.300] vsftpd module for virtualmin under SuSE 10=
.1

On 24/Oct/2006 04:48 Joaquim Homrighausen wrote ..

Because (as far as I know), SuSE's vsftpd package doesn't allow you to crea=
te a separate config
file for each VsFTPd virtual server.

However, it isn't actually necessary to install this module if you just wan=
t to allow Virtualmin
domain owners to FTP in... that works automatically.

Re: [webmin-l] [1.300] Virtualmin; putting it all together

[Joaquim H. <jo...@we...>]

"Failed to create group"; or something very close to it. I tried it every p=
ossible way I can think of (parameters, username settings, etc).

I got Awstats worksing, although it'd be nice with seamless integration whe=
n I create a virtual site, so that VM sets up statistics using Awstats, ins=
tead of allowing for the webalizer option(s).

Webmin, and VM, knows where Apache is, but it was complaining about not kno=
wing where the htdigest application was; which in most Apache configuration=
s is in the same place as apachectl and what not.  When creating a protecte=
d directory, it allowed the use of crypt-style passwords, and I couldn't fi=
nd anywhere to turn that off (I want only MD5 or "better").



-joho



-------------------------
Ursprungligt Meddelande:
Fr=E5n: Jamie Cameron <jca...@we...>
Till: Webmin users list <web...@li...>
Kopia:=20
Datum: onsdag, 25 oktober 2006 06:49
=C4rende: Re: [webmin-l] [1.300] Virtualmin; putting it all together
On 24/Oct/2006 06:22 Joaquim Homrighausen wrote ..
>=20
> When I use Virtualmin, I get an error if I enable the checkbox with "Crea=
te
> Unix User"; if I clear it, no error occurs. It insists on creating a grou=
p
> called "test4" (when I tell it to create a new virtual server for "test4.=
domain.com";
> I have tried every single setting I can think of to no avail. Also, when
> it fails, and I click on "Return" (or back, or whatever it says, the actu=
al
> link), I get an error about "Not found.." something or other.

What actual error do you get when you enable that checkbox?

> Anyway, I want to use awstats instead of webalizer for stats; I've instal=
led
> the awstats module for webmin/virtualmin; how do I get it to appear for
> the virtualmin login?

You need to click on the Plugin Modules icon in Virtualmin, and select the
AWstats module. It then appears as an option when adding a new domain.
=20
> Does usermin have anything at all to do with virtual servers/virtualmin?

It is mainly used just as a mail client..

> I'd like to see better support for Apache 1.3.x configurations/installati=
ons
> built from source. In 99% of the cases on servers I've seen, Apache 1.3.x
> built from source is installed under /usr/local/apache, and from there
> you have logs, conf, cgi-bin, icons, etc.

You can adjust the paths the Apache module uses, by clicking on the Module
Config link.

Re: [webmin-l] [1.300] Virtualmin and Apache+mod_ssl

[Joaquim H. <jo...@we...>]

Missed that one. When I fix that, I get this instead:

"Apache is installed.

The Apache configuration on your system does not appear to be listening on =
port 443, which is needed to host SSL websites. If you do not plan to host =
SSL sites, this feature should be disabled in Virtualmin's module configura=
tion page."

Yet, in my httpd.conf, the following is listed as usual:

<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>

I can start the web server fine, and go to its default url:443 or HTTPS.


-joho



-------------------------
Ursprungligt Meddelande:
Fr=E5n: Jamie Cameron <jca...@we...>
Till: Webmin users list <web...@li...>
Datum: onsdag, 25 oktober 2006 03:13
=C4rende: Re: [webmin-l] [1.300] Virtualmin and Apache+mod_ssl
On 24/Oct/2006 04:34 Joaquim Homrighausen wrote ..

> Virtualmin told me it doesn't look like I have mod_ssl installed, and the=
refore
> it did not want to accept my configuration  until disabled support for
> SSL Apache sites. But I *do* have mod_ssl installed; the only "problem"
> is that I always build Apache and mod_ssl from source.. ?
>=20
> The Apache module configuration in Webmin works fine...

Is it selected in the Apache module on the Re-Configure Known Modules page?
That is what Virtualmin looks for..

Re: [webmin-l] Webmin-1.300; Usermin..

[Joaquim H. <jo...@we...>]

Yes I did, but then I scrolled down to the bottom of the page and clicked t=
he wrong [Save] button; perhaps an extra blank line or two between those tw=
o sections? :-)

/* sorry, should have seen that */


-joho


-------------------------
Ursprungligt Meddelande:
Fr=E5n: Jamie Cameron <jca...@we...>
Till: Webmin users list <web...@li...>
Kopia:=20
Datum: onsdag, 25 oktober 2006 03:11
=C4rende: Re: [webmin-l] Webmin-1.300; Usermin..

Did you select the 'Allow access to home and directories below..' option?

 - Jamie

On 24/Oct/2006 03:25 Joaquim Homrighausen wrote ..

>
> Hmm.. I've tried that, but when I log-on to usermin with my "test user",
> I can still poke around the file system, klick on files in /etc, etc.

Re: [webmin-l] [1.300] Virtualmin; putting it all together

[Jamie C. <jca...@we...>]

On 24/Oct/2006 06:22 Joaquim Homrighausen wrote ..
> 
> When I use Virtualmin, I get an error if I enable the checkbox with "Create
> Unix User"; if I clear it, no error occurs. It insists on creating a group
> called "test4" (when I tell it to create a new virtual server for "test4.domain.com";
> I have tried every single setting I can think of to no avail. Also, when
> it fails, and I click on "Return" (or back, or whatever it says, the actual
> link), I get an error about "Not found.." something or other.

What actual error do you get when you enable that checkbox?

> Anyway, I want to use awstats instead of webalizer for stats; I've installed
> the awstats module for webmin/virtualmin; how do I get it to appear for
> the virtualmin login?

You need to click on the Plugin Modules icon in Virtualmin, and select the
AWstats module. It then appears as an option when adding a new domain.
 
> Does usermin have anything at all to do with virtual servers/virtualmin?

It is mainly used just as a mail client..

> I'd like to see better support for Apache 1.3.x configurations/installations
> built from source. In 99% of the cases on servers I've seen, Apache 1.3.x
> built from source is installed under /usr/local/apache, and from there
> you have logs, conf, cgi-bin, icons, etc.

You can adjust the paths the Apache module uses, by clicking on the Module
Config link.

 - Jamie

Re: [webmin-l] [1.300] vsftpd module for virtualmin under SuSE 10.1

[Jamie C. <jca...@we...>]

On 24/Oct/2006 04:48 Joaquim Homrighausen wrote ..
> 
> I guess I'm risking a flood warning soon ;)
> 
> "Failed to install module from http://www.webmin.com/download/plugins/virtualmin-vsftpd.wbm.gz
> : Module virtualmin-vsftpd does not support this operating system (SuSE
> Linux 10.1)"
> 
> 
> Why not?

Because (as far as I know), SuSE's vsftpd package doesn't allow you to create a separate config
file for each VsFTPd virtual server.

However, it isn't actually necessary to install this module if you just want to allow Virtualmin
domain owners to FTP in... that works automatically.

 - Jamie

Re: [webmin-l] [1.300] Postfix-MySQL

[Jamie C. <jca...@we...>]

On 24/Oct/2006 04:41 Joaquim Homrighausen wrote ..
> 
> Does (or will) Webmin support the postfix-mysql add-on which allows Postfix
> to use mysql-based maps?

Not at the moment ..

 - Jamie

Re: [webmin-l] [1.300] Tomcat

[Jamie C. <jca...@we...>]

On 24/Oct/2006 02:40 Joaquim Homrighausen wrote ..
> 
> Any chance we'll be seeing a Tomcat-server module (like the one for Apache)
> .. ?

I'm not currently developing one for the core Webmin package, but one was developed
by Erich Roncarolo according to thirdpartymodules.webmin.com. However, the package
is no longer available for download :(

 - Jamie

Re: [webmin-l] [1.300] Virtualmin and Apache+mod_ssl

[Jamie C. <jca...@we...>]

On 24/Oct/2006 04:34 Joaquim Homrighausen wrote ..
> 
> Virtualmin told me it doesn't look like I have mod_ssl installed, and therefore
> it did not want to accept my configuration  until disabled support for
> SSL Apache sites. But I *do* have mod_ssl installed; the only "problem"
> is that I always build Apache and mod_ssl from source.. ?
> 
> The Apache module configuration in Webmin works fine...

Is it selected in the Apache module on the Re-Configure Known Modules page?
That is what Virtualmin looks for..

 - Jamie

Re: [webmin-l] [1.300] Mail queue paging

[Jamie C. <jca...@we...>]

On 24/Oct/2006 04:27 Joaquim Homrighausen wrote ..
> 
> /* A re-send, I used the wrong sender before */
> 
> I guess this applies to all places where paging support is present. We
> currently have "Previous" and "Next"; I'd like "Got to page # [    ]",
> First page, and Last page as navigation options too. A "number of items"
> drop-down would be nice too, "5, 10, 20, 30, 50, 100, 200, 500, all".
> 
> One more thing on these paging pages.. one alternative is to:

That's on my TODO list..
 
> [ ] Enable listbox display of items
> 
> (where you use a <div style="overflow-x: auto; overflow-y: scroll">Enter
> your div or table with data here</div>)
> 
> This would allow me to scroll through the items, but without clearing the
> stuff at the top.. 

I tend to shy away from HTML like that, to make Webmin more compatible across
browsers.

 - Jamie

Re: [webmin-l] Webmin-1.300; Usermin..

[Jamie C. <jca...@we...>]

Did you select the 'Allow access to home and directories below..' option?

 - Jamie

On 24/Oct/2006 03:25 Joaquim Homrighausen wrote ..
> 
> Hmm.. I've tried that, but when I log-on to usermin with my "test user",
> I can still poke around the file system, klick on files in /etc, etc.
> 
> 
> -joho
> 
> 
> 
> -------------------------
> Ursprungligt Meddelande:
> Fr=E5n: Jamie Cameron <jca...@we...>
> Till: Webmin users list <web...@li...>
> Datum: m=E5ndag, 23 oktober 2006 19:36
> =C4rende: Re: [webmin-l] Webmin-1.300; Usermin..
> 
> On 23/Oct/2006 06:16 Joaquim Homrighausen wrote ..
> 
> > 3) How do I restrict the Java file manager applet to the users home directory?
> > Is it safe? :-)
> 
> In Usermin? Login to Webmin, and go to Usermin Configuration -> Usermin
> Module Configuration
> -> File Manager. On the form that appears, there are fields for limiting
> users to
> their home dir or other dirs.
> 
> 
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=3D121642
> -
> Forwarded by the Webmin mailing list at web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list

Re: [webmin-l] HP-UX Trusted Mode with Webmin

[flq <fl...@ca...>]

Hi Jamie,

If you issue the command "/usr/lbin/getprpw -l root" and
system is not trusted, it will yield the following string.

System is not trusted.

And for the cluster Users and Groups, may I suggest that the
procedure uses the local module instead.  Maybe the local
module has been modified to suit a particular need and
therefore it would make sense to use the local one.

I did not dig the code for the cluster module but when I
have time I will.

TIA

Francis Le Quellec



> On 24/Oct/2006 11:32 flq wrote ..
> > Hi jamie,
> > 
> > More info on Trusted Mode in HP-UX
> > 
> > 1 - This is the content of
> > "/tcb/files/auth/system/default" which regulates
> > parameters when not modified at user creation.
> > 
> > default:\
> >         :d_name=default:\
> >         :d_boot_authenticate@:\
> >         :u_pwd=*:\
> >         :u_owner=root:u_auditflag#-1:\
> >        
> >
> :u_minchg#86400:u_maxlen#20:u_exp#10368000:u_life#11059200
> >        :\ 
> >
> :u_llogin#7776000:u_pw_expire_warning#432000:u_pswduser=ro
> >         ot:u_pickpw:\
> >        :u_genpwd@:u_restrict:u_nullpw@:u_genchars@:\ 
> > :u_genletters@:u_suclog#0:u_unsuclog#0:u_maxtries#5:\
> >         :u_lock:\
> >         :t_logdelay#2:t_maxtries#10:t_login_timeout#60:\
> >         :chkent:
> > 
> > 2 - This is the content of "/tcb/files/auth/t/test" (for
> > a test user)
> > 
> > test:u_name=test:u_id#6668:\
> >         :u_pwd=MY_ENCRYPTED_PASSWORD_GOES_HERE:\
> >         :u_auditid#22:\
> >         :u_auditflag#1:\
> >        
> >
> :u_succhg#1161187967:u_unsucchg#1161187183:u_suclog#116118
> >         7976:u_lock@:\ :chkent:
> > 
> > These data files might be difficult to parse and HP does
> > not recommend editing these directly.
> > 
> > Instead, using the "/usr/lbin/modprpw" and
> > "/usr/lbin/getprpw" which in turn are not actually
> > "officially" supported by HP, will be safer.
> > 
> > The reason for locked account is specified in the user's
> > protected password file. e.g. /tcb/files/auth/t/test
> > 
> > Issueing this command "/usr/lbin/getprpw -l test" yields
> > the following result:
> > 
> > uid=6668, bootpw=NO, audid=22, audflg=1, mintm=-1,
> > maxpwln=-1, exptm=-1, lftm=-1, spwchg=Wed Oct 18
> > 12:12:47 2006, upwchg=Wed Oct 18 11:59:43 2006,
> > acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT,
> > syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1,
> > syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Wed Oct 18
> > 12:12:56 2006, ulogint=-1, sloginy=-1, culogin=-1,
> > uloginy=-1, umaxlntr=-1, alock=YES, lockout=0000010
> > 
> > The last field (lockout=0000010) is a flag and the
> > meaning of each bit is explained in "man getprpw"
> > 
> > This command "/usr/lbin/getprpw -m lockout -l test"
> > yields this string:
> > 
> > lockout=0000010
> > 
> > /quoting "man getprpw"
> > 
> >  returns the reason for a lockout in a "bit" valued
> >  string, where 0 = condition not present, 1 is
> >  present.  The position, left to right represents:
> > 
> >            1 past password lifetime
> >            2 past last login time (inactive account)
> >            3 past absolute account lifetime
> >            4 exceeded unsuccessful login attempts
> >            5 password required and a null password
> >            6 admin lock
> >            7 password is a *
> > 
> > /end of quoting
> > 
> > 
> > In order to reset the password, Webmin does not need to
> > "know" where the original password is stored and
> > actually should not be able to retrieve it.  It is a
> > one-way hash.  If the user has his/her account locked up
> > , too bad, new password required.  This is according to
> > corporate policies. 
> > 
> > Using this command: "/usr/lbin/modprpw -x -l test" will
> > reset the password of the test user but prints it on
> >  stdout. In the code I modified, I redirected the stdout
> > to a temp file so I can mail it afterward. Also that
> > command will force the user to change his/her password
> > at next login...so 2 birds with 1 stone.
> 
> Thanks for all the info .. It sounds like using the
> commands is the best approach.
> 
> BTW, how can I detect if HP/UX is in trusted mode or not?
>  
> > One other thing,  is it possible in the near future to
> > cluster different Unix platforms for, lets say, Users
> > and Groups module?
> > 
> > I would like to have one centralized server or cluster
> > of servers for HelpDesk to connect to and manage users
> > on any Unix platform instead of having to login to each
> flavor.
> 
> Not easily - different operating systems store different
> info about users. You can cluster Linux and Solaris as
> they have the same /etc/passwd and shadow formats, but not
> FreeBSD as it uses a master.passwd file with different
> fields.
> 
>  - Jamie
> 
> > Hope this helps and sorry for the length...
> > 
> > 
> > TIA
> > 
> > 
> > Francis Le Quellec
> > 
> > 
> > 
> > > On 24/Oct/2006 09:18 flq wrote ..
> > > > Hi Jamie,
> > > > 
> > > > thanks for the reply.
> > > > 
> > > > I will have an HP Visualize Workstation running
> > > > HP-UX 11i next Monday.  With root access thru ssh.
> > > > 
> > > > In the mean time, here is the mods I did in some
> > > > Perl script in order to support some functions that
> > > > I have to implement. 
> > > > In "useradmin/userlib.pl"
> > > > 
> > > > I added these lines of code:
> > > > 
> > > > elsif ($pft == 99) {
> > > >         # Just invoke the useradd command
> > > >         &system_logged("useradd -u $_[0]->{'uid'} -g
> > > > $_[0]->{'gid'} -c "$_[0]->{'real'}" -d $_[0]->{'home
> > > > '} -s $_[0]->{'shell'} $_[0]->{'user'}");
> > > >         # And set the password
> > > >         &system_logged("/usr/lbin/modprpw -x -l
> > > > $_[0]->{'user'} >/opt/webmin/tmp.p 2>&1");
> > > >         &system_logged("/usr/bin/cat
> > > > /opt/webmin/tmp.p | mailx -s "Your new password for
> > > > \`hostname\`" my_email_addr\@company.com >/dev/null
> > > >         2>&1"); }
> > > > 
> > > > and in "useradmin/hpux-lib.pl:
> > > > 
> > > > I changed:
> > > > 
> > > > sub passfiles_type
> > > > {
> > > > return 0;
> > > > }
> > > > 
> > > > to
> > > > 
> > > > sub passfiles_type
> > > > {
> > > > return 99;
> > > > }
> > > > 
> > > > 
> > > > 
> > > > I know it's not much of a mod but at least it lets
> > > > me go forward with the implementation of the tool in
> > > > our environment.
> > > > 
> > > > Let me know if it is ok for now.
> > > 
> > > That would work, although I would prefer to have
> > > Webmin write to the config files directly .. I'll do
> > > it this way when I  write the code.
> > > 
> > > > I will be able to give you information about HP-UX
> > > > Trusted Mode as I know ins and outs of HP's
> > > > implementation. 
> > > > I have many "wish list" requests for Webmin in order
> > > > to be a valid solution corporate wise.
> > > > 
> > > > Some examples:
> > > > 
> > > > 1 - Webmin accounts security should have password
> > > > complexity, expiration date, etc...
> > > 
> > > Nice idea .. and certainly do-able.
> > > 
> > > > 2 - Integration with AD in order to control these
> > > > Webmin accounts from a centralized location (LDAP
> > > authentication)
> > > 
> > > Already possible, if you have NSS-LDAP integration
> > > setup. 
> > > > 3 - The possibility for the Webmin user when he
> > > > creates a user on a Unix box to enter an email
> > > > address to send the password to.
> > > 
> > > Not a bad idea ..
> > > 
> > > > 4 - Using a Unix account as a template to create
> > > > another user.
> > > 
> > > Also a good idea.
> > > 
> > > > 5 - Reason for a locked account
> > > 
> > > Where would this be stored though?
> > > 
> > > > 6 - In the "Change password" module instead of
> > > > entering a new password, to just reset the account
> > > > based on the reason why it was locked.
> > > 
> > > Again, most Unixes don't have a place to store the
> > > 'original' password .. although HP/UX may differ.
> > > 
> > > > 7 - Change the expiry date of an account. e.g. a
> > > > renewed consultant's contract.
> > > 
> > > This should already be do-able in the Users and Groups
> > > module.
> > > 
> > >  - Jamie
> > > 
> > > > These items are all pertaining to HP Trusted Mode.
> > > > 
> > > > TIA for your time
> > > > 
> > > > 
> > > > Francis
> > > > 
> > > > 
> > > > > On 23/Oct/2006 13:47 flq wrote ..
> > > > > > Hi all,
> > > > > > 
> > > > > > I am using Webmin, a very useful tool btw, to
> > > > > > manage users on many Unix platforms.
> > > > > > 
> > > > > > The hurdle I came across is the fact that Webmin
> > > > > > does not fully support HP-UX in Trusted Mode.
> > > > > > 
> > > > > > I would like to know, since I did not find any
> > > > > > threads on mailing lists regarding that matter,
> > > > > > if there is an on-going effort to support the
> > > > > > Trusted Mode. 
> > > > > > I would really like to see it supported as all
> > > > > > of the HP-UX installs I do are being setup in
> > > > > > Trusted Mode. 
> > > > > > If need be, I am willing to run with that flag
> > > > > > and make it happen.
> > > > > > 
> > > > > > Please let me know if I can be of any help in
> > > > > > order to resolve this issue.
> > > > > > 
> > > > > > TIA
> > > > > > 
> > > > > Hi Francis,
> > > > > 
> > > > > I am aware of HP/UX's trusted mode, but
> > > > > unfortunately haven't put any effort into
> > > > > supporting it in Webmin, as I don't have any HP/UX
> > > > > hardware of my own ..  and it isn't as popular an
> > > > > OS as Linux or Solaris. 
> > > > > However, I would be glad to accept a patch to the
> > > > > Users and Groups module to add trusted mode
> > > > > support. Or if you could give me remote root
> > > > > access to a box with HP/UX installed, I should be
> > > > > able to update Webmin to support it.
> > > > > 
> > > > >  - Jamie



----------------------------------------
Upgrade your account today for increased storage; mail
forwarding or POP enabled e-mail with automatic virus
scanning. Visit our member benefits page at
https://members.canada.com/benefits.aspx for more
information.

Re: [webmin-l] HP-UX Trusted Mode with Webmin

[Jamie C. <jca...@we...>]

On 24/Oct/2006 11:32 flq wrote ..
> Hi jamie,
> 
> More info on Trusted Mode in HP-UX
> 
> 1 - This is the content of "/tcb/files/auth/system/default"
> which regulates parameters when not modified at user
> creation.
> 
> default:\
>         :d_name=default:\
>         :d_boot_authenticate@:\
>         :u_pwd=*:\
>         :u_owner=root:u_auditflag#-1:\
>        
> :u_minchg#86400:u_maxlen#20:u_exp#10368000:u_life#11059200:\
>        
> :u_llogin#7776000:u_pw_expire_warning#432000:u_pswduser=root:u_pickpw:\
>         :u_genpwd@:u_restrict:u_nullpw@:u_genchars@:\
>        
> :u_genletters@:u_suclog#0:u_unsuclog#0:u_maxtries#5:\
>         :u_lock:\
>         :t_logdelay#2:t_maxtries#10:t_login_timeout#60:\
>         :chkent:
> 
> 2 - This is the content of "/tcb/files/auth/t/test" (for a
> test user)
> 
> test:u_name=test:u_id#6668:\
>         :u_pwd=MY_ENCRYPTED_PASSWORD_GOES_HERE:\
>         :u_auditid#22:\
>         :u_auditflag#1:\
>        
> :u_succhg#1161187967:u_unsucchg#1161187183:u_suclog#1161187976:u_lock@:\
>         :chkent:
> 
> These data files might be difficult to parse and HP does not
> recommend editing these directly.
> 
> Instead, using the "/usr/lbin/modprpw" and
> "/usr/lbin/getprpw" which in turn are not actually
> "officially" supported by HP, will be safer.
> 
> The reason for locked account is specified in the user's
> protected password file. e.g. /tcb/files/auth/t/test
> 
> Issueing this command "/usr/lbin/getprpw -l test" yields the
> following result:
> 
> uid=6668, bootpw=NO, audid=22, audflg=1, mintm=-1,
> maxpwln=-1, exptm=-1, lftm=-1, spwchg=Wed Oct 18 12:12:47
> 2006, upwchg=Wed Oct 18 11:59:43 2006, acctexp=-1, llog=-1,
> expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT,
> nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1,
> slogint=Wed Oct 18 12:12:56 2006, ulogint=-1, sloginy=-1,
> culogin=-1, uloginy=-1, umaxlntr=-1, alock=YES,
> lockout=0000010
> 
> The last field (lockout=0000010) is a flag and the meaning
> of each bit is explained in "man getprpw"
> 
> This command "/usr/lbin/getprpw -m lockout -l test" yields
> this string:
> 
> lockout=0000010
> 
> /quoting "man getprpw"
> 
>  returns the reason for a lockout in a "bit" valued
>  string, where 0 = condition not present, 1 is
>  present.  The position, left to right represents:
> 
>            1 past password lifetime
>            2 past last login time (inactive account)
>            3 past absolute account lifetime
>            4 exceeded unsuccessful login attempts
>            5 password required and a null password
>            6 admin lock
>            7 password is a *
> 
> /end of quoting
> 
> 
> In order to reset the password, Webmin does not need to
> "know" where the original password is stored and actually
> should not be able to retrieve it.  It is a one-way hash. 
> If the user has his/her account locked up, too bad, new
> password required.  This is according to corporate policies.
> 
> 
> Using this command: "/usr/lbin/modprpw -x -l test" will
> reset the password of the test user but prints it on stdout.
>  In the code I modified, I redirected the stdout to a temp
> file so I can mail it afterward. Also that command will
> force the user to change his/her password at next login...so
> 2 birds with 1 stone.

Thanks for all the info .. It sounds like using the commands
is the best approach.

BTW, how can I detect if HP/UX is in trusted mode or not?
 
> One other thing,  is it possible in the near future to
> cluster different Unix platforms for, lets say, Users and
> Groups module?
> 
> I would like to have one centralized server or cluster of
> servers for HelpDesk to connect to and manage users on any
> Unix platform instead of having to login to each flavor.

Not easily - different operating systems store different info
about users. You can cluster Linux and Solaris as they have
the same /etc/passwd and shadow formats, but not FreeBSD as it
uses a master.passwd file with different fields.

 - Jamie

> Hope this helps and sorry for the length...
> 
> 
> TIA
> 
> 
> Francis Le Quellec
> 
> 
> 
> > On 24/Oct/2006 09:18 flq wrote ..
> > > Hi Jamie,
> > > 
> > > thanks for the reply.
> > > 
> > > I will have an HP Visualize Workstation running HP-UX
> > > 11i next Monday.  With root access thru ssh.
> > > 
> > > In the mean time, here is the mods I did in some Perl
> > > script in order to support some functions that I have to
> > > implement. 
> > > In "useradmin/userlib.pl"
> > > 
> > > I added these lines of code:
> > > 
> > > elsif ($pft == 99) {
> > >         # Just invoke the useradd command
> > >         &system_logged("useradd -u $_[0]->{'uid'} -g
> > > $_[0]->{'gid'} -c "$_[0]->{'real'}" -d $_[0]->{'home
> > > '} -s $_[0]->{'shell'} $_[0]->{'user'}");
> > >         # And set the password
> > >         &system_logged("/usr/lbin/modprpw -x -l
> > > $_[0]->{'user'} >/opt/webmin/tmp.p 2>&1");
> > >         &system_logged("/usr/bin/cat /opt/webmin/tmp.p |
> > > mailx -s "Your new password for \`hostname\`"
> > > my_email_addr\@company.com >/dev/null 2>&1");
> > >         }
> > > 
> > > and in "useradmin/hpux-lib.pl:
> > > 
> > > I changed:
> > > 
> > > sub passfiles_type
> > > {
> > > return 0;
> > > }
> > > 
> > > to
> > > 
> > > sub passfiles_type
> > > {
> > > return 99;
> > > }
> > > 
> > > 
> > > 
> > > I know it's not much of a mod but at least it lets me go
> > > forward with the implementation of the tool in our
> > > environment.
> > > 
> > > Let me know if it is ok for now.
> > 
> > That would work, although I would prefer to have Webmin
> > write to the config files directly .. I'll do it this way
> > when I  write the code.
> > 
> > > I will be able to give you information about HP-UX
> > > Trusted Mode as I know ins and outs of HP's
> > > implementation. 
> > > I have many "wish list" requests for Webmin in order to
> > > be a valid solution corporate wise.
> > > 
> > > Some examples:
> > > 
> > > 1 - Webmin accounts security should have password
> > > complexity, expiration date, etc...
> > 
> > Nice idea .. and certainly do-able.
> > 
> > > 2 - Integration with AD in order to control these Webmin
> > > accounts from a centralized location (LDAP
> > authentication)
> > 
> > Already possible, if you have NSS-LDAP integration setup.
> > 
> > > 3 - The possibility for the Webmin user when he creates
> > > a user on a Unix box to enter an email address to send
> > > the password to.
> > 
> > Not a bad idea ..
> > 
> > > 4 - Using a Unix account as a template to create another
> > > user.
> > 
> > Also a good idea.
> > 
> > > 5 - Reason for a locked account
> > 
> > Where would this be stored though?
> > 
> > > 6 - In the "Change password" module instead of entering
> > > a new password, to just reset the account based on the
> > > reason why it was locked.
> > 
> > Again, most Unixes don't have a place to store the
> > 'original' password .. although HP/UX may differ.
> > 
> > > 7 - Change the expiry date of an account. e.g. a renewed
> > > consultant's contract.
> > 
> > This should already be do-able in the Users and Groups
> > module.
> > 
> >  - Jamie
> > 
> > > These items are all pertaining to HP Trusted Mode.
> > > 
> > > TIA for your time
> > > 
> > > 
> > > Francis
> > > 
> > > 
> > > > On 23/Oct/2006 13:47 flq wrote ..
> > > > > Hi all,
> > > > > 
> > > > > I am using Webmin, a very useful tool btw, to manage
> > > > > users on many Unix platforms.
> > > > > 
> > > > > The hurdle I came across is the fact that Webmin
> > > > > does not fully support HP-UX in Trusted Mode.
> > > > > 
> > > > > I would like to know, since I did not find any
> > > > > threads on mailing lists regarding that matter, if
> > > > > there is an on-going effort to support the Trusted
> > > > > Mode. 
> > > > > I would really like to see it supported as all of
> > > > > the HP-UX installs I do are being setup in Trusted
> > > > > Mode. 
> > > > > If need be, I am willing to run with that flag and
> > > > > make it happen.
> > > > > 
> > > > > Please let me know if I can be of any help in order
> > > > > to resolve this issue.
> > > > > 
> > > > > TIA
> > > > > 
> > > > Hi Francis,
> > > > 
> > > > I am aware of HP/UX's trusted mode, but unfortunately
> > > > haven't put any effort into supporting it in Webmin,
> > > > as I don't have any HP/UX hardware of my own ..  and
> > > > it isn't as popular an OS as Linux or Solaris.
> > > > 
> > > > However, I would be glad to accept a patch to the
> > > > Users and Groups module to add trusted mode support.
> > > > Or if you could give me remote root access to a box
> > > > with HP/UX installed, I should be able to update
> > > > Webmin to support it.
> > > > 
> > > >  - Jamie
> > > > 
> > > >
> > > >
> > ----------------------------------------------------------
> > > > --------------- Using Tomcat but need to do more? Need
> > > > to support web services, security? Get stuff done
> > quickly with pre-integrated technology to make your job
> > > > easier Download IBM WebSphere Application Server
> > > > v.1.0.1 based on Apache Geronimo
> > > >
> > >
> >
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> > > > -
> > > > Forwarded by the Webmin mailing list at
> > > > web...@li... To remove yourself
> > > > from this list, go to
> > > >
> > >
> > >
> > http://lists.sourceforge.net/lists/listinfo/webadmin-list 
> > ----------------------------------------------------------
> > > --------------- Using Tomcat but need to do more? Need
> > > to support web services, security? Get stuff done
> > > quickly with pre-integrated technology to make your job
> > > easier Download IBM WebSphere Application Server v.1.0.1
> > > based on Apache Geronimo
> >
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> > > -
> > > Forwarded by the Webmin mailing list at
> > > web...@li... To remove yourself
> > > from this list, go to
> > http://lists.sourceforge.net/lists/listinfo/webadmin-list
> > 
> > ----------------------------------------------------------
> > --------------- Using Tomcat but need to do more? Need to
> > support web services, security? Get stuff done quickly
> > with pre-integrated technology to make your job easier
> > Download IBM WebSphere Application Server v.1.0.1 based on
> > Apache Geronimo
> >
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> > -
> > Forwarded by the Webmin mailing list at
> > web...@li... To remove yourself
> > from this list, go to
> > http://lists.sourceforge.net/lists/listinfo/webadmin-list
> 
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> -
> Forwarded by the Webmin mailing list at web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list

Re: [webmin-l] HP-UX Trusted Mode with Webmin

[flq <fl...@ca...>]

Hi jamie,

More info on Trusted Mode in HP-UX

1 - This is the content of "/tcb/files/auth/system/default"
which regulates parameters when not modified at user
creation.

default:\
        :d_name=default:\
        :d_boot_authenticate@:\
        :u_pwd=*:\
        :u_owner=root:u_auditflag#-1:\
       
:u_minchg#86400:u_maxlen#20:u_exp#10368000:u_life#11059200:\
       
:u_llogin#7776000:u_pw_expire_warning#432000:u_pswduser=root:u_pickpw:\
        :u_genpwd@:u_restrict:u_nullpw@:u_genchars@:\
       
:u_genletters@:u_suclog#0:u_unsuclog#0:u_maxtries#5:\
        :u_lock:\
        :t_logdelay#2:t_maxtries#10:t_login_timeout#60:\
        :chkent:

2 - This is the content of "/tcb/files/auth/t/test" (for a
test user)

test:u_name=test:u_id#6668:\
        :u_pwd=MY_ENCRYPTED_PASSWORD_GOES_HERE:\
        :u_auditid#22:\
        :u_auditflag#1:\
       
:u_succhg#1161187967:u_unsucchg#1161187183:u_suclog#1161187976:u_lock@:\
        :chkent:

These data files might be difficult to parse and HP does not
recommend editing these directly.

Instead, using the "/usr/lbin/modprpw" and
"/usr/lbin/getprpw" which in turn are not actually
"officially" supported by HP, will be safer.

The reason for locked account is specified in the user's
protected password file. e.g. /tcb/files/auth/t/test

Issueing this command "/usr/lbin/getprpw -l test" yields the
following result:

uid=6668, bootpw=NO, audid=22, audflg=1, mintm=-1,
maxpwln=-1, exptm=-1, lftm=-1, spwchg=Wed Oct 18 12:12:47
2006, upwchg=Wed Oct 18 11:59:43 2006, acctexp=-1, llog=-1,
expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT,
nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1,
slogint=Wed Oct 18 12:12:56 2006, ulogint=-1, sloginy=-1,
culogin=-1, uloginy=-1, umaxlntr=-1, alock=YES,
lockout=0000010

The last field (lockout=0000010) is a flag and the meaning
of each bit is explained in "man getprpw"

This command "/usr/lbin/getprpw -m lockout -l test" yields
this string:

lockout=0000010

/quoting "man getprpw"

 returns the reason for a lockout in a "bit" valued
 string, where 0 = condition not present, 1 is
 present.  The position, left to right represents:

           1 past password lifetime
           2 past last login time (inactive account)
           3 past absolute account lifetime
           4 exceeded unsuccessful login attempts
           5 password required and a null password
           6 admin lock
           7 password is a *

/end of quoting


In order to reset the password, Webmin does not need to
"know" where the original password is stored and actually
should not be able to retrieve it.  It is a one-way hash. 
If the user has his/her account locked up, too bad, new
password required.  This is according to corporate policies.


Using this command: "/usr/lbin/modprpw -x -l test" will
reset the password of the test user but prints it on stdout.
 In the code I modified, I redirected the stdout to a temp
file so I can mail it afterward. Also that command will
force the user to change his/her password at next login...so
2 birds with 1 stone.


One other thing,  is it possible in the near future to
cluster different Unix platforms for, lets say, Users and
Groups module?

I would like to have one centralized server or cluster of
servers for HelpDesk to connect to and manage users on any
Unix platform instead of having to login to each flavor.

Hope this helps and sorry for the length...


TIA


Francis Le Quellec



> On 24/Oct/2006 09:18 flq wrote ..
> > Hi Jamie,
> > 
> > thanks for the reply.
> > 
> > I will have an HP Visualize Workstation running HP-UX
> > 11i next Monday.  With root access thru ssh.
> > 
> > In the mean time, here is the mods I did in some Perl
> > script in order to support some functions that I have to
> > implement. 
> > In "useradmin/userlib.pl"
> > 
> > I added these lines of code:
> > 
> > elsif ($pft == 99) {
> >         # Just invoke the useradd command
> >         &system_logged("useradd -u $_[0]->{'uid'} -g
> > $_[0]->{'gid'} -c "$_[0]->{'real'}" -d $_[0]->{'home
> > '} -s $_[0]->{'shell'} $_[0]->{'user'}");
> >         # And set the password
> >         &system_logged("/usr/lbin/modprpw -x -l
> > $_[0]->{'user'} >/opt/webmin/tmp.p 2>&1");
> >         &system_logged("/usr/bin/cat /opt/webmin/tmp.p |
> > mailx -s "Your new password for \`hostname\`"
> > my_email_addr\@company.com >/dev/null 2>&1");
> >         }
> > 
> > and in "useradmin/hpux-lib.pl:
> > 
> > I changed:
> > 
> > sub passfiles_type
> > {
> > return 0;
> > }
> > 
> > to
> > 
> > sub passfiles_type
> > {
> > return 99;
> > }
> > 
> > 
> > 
> > I know it's not much of a mod but at least it lets me go
> > forward with the implementation of the tool in our
> > environment.
> > 
> > Let me know if it is ok for now.
> 
> That would work, although I would prefer to have Webmin
> write to the config files directly .. I'll do it this way
> when I  write the code.
> 
> > I will be able to give you information about HP-UX
> > Trusted Mode as I know ins and outs of HP's
> > implementation. 
> > I have many "wish list" requests for Webmin in order to
> > be a valid solution corporate wise.
> > 
> > Some examples:
> > 
> > 1 - Webmin accounts security should have password
> > complexity, expiration date, etc...
> 
> Nice idea .. and certainly do-able.
> 
> > 2 - Integration with AD in order to control these Webmin
> > accounts from a centralized location (LDAP
> authentication)
> 
> Already possible, if you have NSS-LDAP integration setup.
> 
> > 3 - The possibility for the Webmin user when he creates
> > a user on a Unix box to enter an email address to send
> > the password to.
> 
> Not a bad idea ..
> 
> > 4 - Using a Unix account as a template to create another
> > user.
> 
> Also a good idea.
> 
> > 5 - Reason for a locked account
> 
> Where would this be stored though?
> 
> > 6 - In the "Change password" module instead of entering
> > a new password, to just reset the account based on the
> > reason why it was locked.
> 
> Again, most Unixes don't have a place to store the
> 'original' password .. although HP/UX may differ.
> 
> > 7 - Change the expiry date of an account. e.g. a renewed
> > consultant's contract.
> 
> This should already be do-able in the Users and Groups
> module.
> 
>  - Jamie
> 
> > These items are all pertaining to HP Trusted Mode.
> > 
> > TIA for your time
> > 
> > 
> > Francis
> > 
> > 
> > > On 23/Oct/2006 13:47 flq wrote ..
> > > > Hi all,
> > > > 
> > > > I am using Webmin, a very useful tool btw, to manage
> > > > users on many Unix platforms.
> > > > 
> > > > The hurdle I came across is the fact that Webmin
> > > > does not fully support HP-UX in Trusted Mode.
> > > > 
> > > > I would like to know, since I did not find any
> > > > threads on mailing lists regarding that matter, if
> > > > there is an on-going effort to support the Trusted
> > > > Mode. 
> > > > I would really like to see it supported as all of
> > > > the HP-UX installs I do are being setup in Trusted
> > > > Mode. 
> > > > If need be, I am willing to run with that flag and
> > > > make it happen.
> > > > 
> > > > Please let me know if I can be of any help in order
> > > > to resolve this issue.
> > > > 
> > > > TIA
> > > > 
> > > Hi Francis,
> > > 
> > > I am aware of HP/UX's trusted mode, but unfortunately
> > > haven't put any effort into supporting it in Webmin,
> > > as I don't have any HP/UX hardware of my own ..  and
> > > it isn't as popular an OS as Linux or Solaris.
> > > 
> > > However, I would be glad to accept a patch to the
> > > Users and Groups module to add trusted mode support.
> > > Or if you could give me remote root access to a box
> > > with HP/UX installed, I should be able to update
> > > Webmin to support it.
> > > 
> > >  - Jamie
> > > 
> > >
> > >
> ----------------------------------------------------------
> > > --------------- Using Tomcat but need to do more? Need
> > > to support web services, security? Get stuff done
> quickly with pre-integrated technology to make your job
> > > easier Download IBM WebSphere Application Server
> > > v.1.0.1 based on Apache Geronimo
> > >
> >
>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> > > -
> > > Forwarded by the Webmin mailing list at
> > > web...@li... To remove yourself
> > > from this list, go to
> > >
> >
> >
> http://lists.sourceforge.net/lists/listinfo/webadmin-list 
> ----------------------------------------------------------
> > --------------- Using Tomcat but need to do more? Need
> > to support web services, security? Get stuff done
> > quickly with pre-integrated technology to make your job
> > easier Download IBM WebSphere Application Server v.1.0.1
> > based on Apache Geronimo
>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> > -
> > Forwarded by the Webmin mailing list at
> > web...@li... To remove yourself
> > from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list
> 
> ----------------------------------------------------------
> --------------- Using Tomcat but need to do more? Need to
> support web services, security? Get stuff done quickly
> with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on
> Apache Geronimo
>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> -
> Forwarded by the Webmin mailing list at
> web...@li... To remove yourself
> from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list