Enable users to change their email password (poppassd)
A simple guide for MediaTemple (dv) owners.



Fernando Deperon Lanças, March 8, 2009
Original URL: http://www.boundfordelirium.com/guides/changepass/
Guide

This guide is based on this one, with a few tweaks to make it work on MediaTemple's (dv) server.

First of all, I must say that I am not an IT specialist, just a curious user, so to completely understand the reasons and systematics you should most likely refer to specific tutorials/RFCs. I have been trying to let my users change their email password directly since I acquired a (dv) and, after some time, I found poppassd, which wouldn't work out of the box, so after some reading and trial and error, I finally got it going.

This guide requires ssh root access. The poppassd daemon is third-party software that opens a port (106) on your server, so use it at your own risk. I do not guarantee it will work and take no responsibility for problems that may occur after the installation. I suggest you always copy the original file to FILENAME.OLD before editing.

That said, let's go!


1) Download the poppassd RPM for CentOS 5.2: wget http://rpm.razorsedge.org/centos-5/RE/poppassd-1.8.5-3.el5.re.i386.rpm. Since it's an RPM, just run rpm -U poppassd-1.8.5-3.el5.re.i386.rpm to install it.


2) Now edit your poppassd init configuration: vim /etc/xinetd.d/poppassd. Mine looks like this:
service poppassd
{
	disable			= no
	socket_type		= stream
	protocol		= tcp
	port			= 106
	wait			= no
	user			= root
	server			= /usr/sbin/poppassd
	only_from		= 127.0.0.1
	# HERE IS THE TRICK (the line below)
	log_on_success		+= USERID
	# AND HERE TOO (the line below)
	log_on_failure		+= USERID
}



3) Edit poppassd security configuration: vim /etc/pam.d/poppassd. Here is mine:
#%PAM-1.0
auth		required	pam_unix_auth.so shadow nullok
account		required	pam_unix_acct.so
password	required	pam_cracklib.so retry=3
password	required	pam_unix_passwd.so use_authtok nullok



4) Restart xinetd: service xinetd restart.



5) Now, to be sure it works, let's try logging in from your local machine. Open your favorite terminal application and type:

5.1) telnet YOUR_MAIN_DOMAIN 106


If you get the "200 poppassd hello, who are you?" welcome message, we are good. Insert your full email address after the user command:

5.2) user YOUR_EMAIL_ADDRESS


If poppassd asks for your password with "200 Your password please.", just give it using the pass command:

5.3) pass CURRENT_PASSWORD


Ok. So now the server requires you to enter the new password with "200 Your new password please.". Just give it with newpass:

5.4) newpass NEW_PASSWORD


If you see "200 Password changed, thank-you." we are good, it worked perfectly. Now, just to do everything correctly, let's leave the server with quit to be sure your connection is closed.

5.5) quit

You should see the "200 Bye." from the server. It's done!
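
The telnet session from step 5 as a small Python client, of the kind a web front end would use. This is an added example, not part of the original guide or of poppassd. The function names are hypothetical, and it assumes every successful reply starts with "200", as in the messages quoted above, and that the client runs on the mail server itself so that it matches the only_from line in step 2. It also rejects CR, LF and NUL in the fields before sending anything, so a submitted password cannot carry a second command line.

```python
import socket


class PoppassdError(Exception):
    """The server answered with something other than a 200 line."""


def _field(name, value):
    # Commands are single lines, so a CR or LF inside a field would end the
    # command early and the remainder would be read as a second command.
    if not value or any(c in value for c in "\r\n\0"):
        raise ValueError(f"{name} is empty or contains CR, LF or NUL")
    return value


def _expect_200(rfile):
    line = rfile.readline(512).decode("utf-8", "replace").rstrip("\r\n")
    if not line.startswith("200"):
        raise PoppassdError(line or "connection closed")
    return line


def poppassd_dialog(rfile, wfile, user, old_password, new_password):
    """Run the user/pass/newpass/quit exchange over two binary streams."""
    # Validate every field before a single byte is sent.
    commands = [("user", _field("user", user)),
                ("pass", _field("old password", old_password)),
                ("newpass", _field("new password", new_password)),
                ("quit", None)]
    replies = [_expect_200(rfile)]  # greeting: "200 poppassd hello, ..."
    for verb, arg in commands:
        line = verb if arg is None else f"{verb} {arg}"
        wfile.write(line.encode("utf-8") + b"\r\n")
        wfile.flush()
        replies.append(_expect_200(rfile))  # stop at the first non-200 reply
    return replies


def change_password(user, old_password, new_password,
                    host="127.0.0.1", port=106, timeout=10):
    # Assumption: run on the mail server itself, matching only_from above.
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rb") as rfile, sock.makefile("wb") as wfile:
            return poppassd_dialog(rfile, wfile, user,
                                   old_password, new_password)
```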



Notes

It is important to keep in mind a few restrictions enforced by your server, such as the password not containing the username ANYWHERE. This service (poppassd) works better if you give your users a front end; Horde and Squirrel, for example, offer plug-ins for it. A uControl-like interface could be made, and with a few simple bash scripts you can offer your users even more customizations.

You can place the interface wherever you prefer, and give it the look you want.

I, personally, just edited Horde's (my default webmail client) main page at /usr/share/psa-horde/imp/templates/login/login.inc and added a link to a simple interface at the last line of the file by placing:

<center><a href="changepass.php">Change Password</a></center>

This line will insert a simple text link on Horde's initial page, right below the Log In button and above the Horde logo.



Interface

There are several PHP scripts around, but I have gathered one made by Heloisa Karina Costa which connects to poppassd and changes the password. To it I added a few functions and implemented the jQuery Password Strength Meter (http://phiras.wordpress.com/2007/04/08/password-strength-meter-a-jquery-plugin/) provided by Firas Kassem, with a few personal tweaks. After a little playing I came up with a simple and clean interface.


Not being a programmer makes my code pretty dirty and, most likely, it would work the same way with 1/3 of the lines if an actual programmer wrote it, but my main goal is to make it work. I tried to keep it as simple as possible and offer an easy way for beginners to customize it. The main HTML text can be edited using a WYSIWYG editor. The error messages were placed as close as possible to the top. Also, I left all comments from the original files used, so authors will be credited as they should.
To change the jQuery messages, just edit js/passwordStrengthMeter.js and type what you desire.


To use this interface, just download it and extract it to /usr/share/psa-horde/imp. The simplest way is:

1) cd /usr/share/psa-horde/imp
2) wget http://www.boundfordelirium.com/guides/changepass/poppassd_changepass.tar
3) tar -xpvf poppassd_changepass.tar (if you are asked, accept overwriting)


Now go to a webmail address. This setup will add the interface to all your (dv) websites. You should see the "Change Password" link. Click it and have fun.



Download

To download it, click here.

The poppassd_changepass.tar file (130kb) contains:
  • changepass: the PHP script
  • js/jquery.js
  • js/passwordStrengthMeter.js
  • imgs/bt-ok.gif: button
  • README.html

I hope I helped. If you want, send me feedback or a suggestion: me@boundfordelirium.com.



Bound for Delirium