Re: [seul-edu] Users Changing their Passwords over web?
Quoting Mark Dalton <mwd@sgi.com>:
> What I would need to know is what protocols are acceptable
> for you, and where they will be changing information from.
Hi Mark,
I would like to stick to WWW (or at least something menu
driven which could be used by a wide variety of
computers on our LAN).
Everybody seems to be comfortable using a web browser.
It will work from all computers in our LAN (and if I get
courageous -- maybe even out on the Internet -- we would
like to eventually offer some services for alumni so I
guess I will have to make this leap at some point).
At the moment I don't have anything but PHP3 and perl
installed. I am going to start experimenting with SSL
at some point -- but have never tried before. I don't
know if it is easy or hard. I don't know much about
LDAP so I guess it is a possibility. But I have found
it to be hard to configure (I wanted to see if I could
figure out how to do Netscape's roaming profiles).
> to know which methods are an option..
> WWW - SSL, LDAP, PHP, etc.
> ssh/srp - (then normal tools, or is 'passwd' to
passwd would be okay, if they could just click on
something, but I assume you mean logging in and then
typing in line commands -- typing commands is definitely
not preferred.
> Or do these students need to just access this from the
> machine they are currently using.
>
This is currently just a mailserver -- and they can only
use IMAP and POP to access it. (Most people use IMP so
I would like to just put a link on our IMP home page and
let them just change it from there -- then there is no
training involved and it's easy and everybody is happy).
> Are all the machines on the local network, or do you have
> students with dial-in access.
No dial-in for students, but those who do log into a
walled off part of the LAN. So it shouldn't be any
different for them I would think.
>
> User Level needs:
> > o change their password -- like userpasswd
> > o user information (probably) -- like userinfo
> > o setup email forwarding (some staff are required to
> > have email but want their messages forwarded somewhere
> > else).
>
The admin stuff would not need to be web based -- at
least not at the moment. The important thing for the
moment is that I avoid the users typing commands. Long
term I also need to make the admin easy too.
> Admin level needs:
> > o able to restrict access to specific IP address (or a
> > range).
> > o use a different port than normal http (or at least
> > make it firewall filterable somehow).
> >
> - Either option is available.
> 1. Changing the port:
> a. Changing the port can be done through the
> httpd config files.
> * Different port will not help if you are being
> cracked into, since they commonly do port scans.
> b. Through Proxy or via port forwarding
> * This allows you to move the port transparently to
> the users..
> 2. Filtering via the firewall (this is also commonly where
> you would setup the Proxy or portforwarding).
> * Also you can filter based on IP address ranges.
>
> 3. Other things to be concerned about are:
> 1a. CGI scripts/programs
> 1b. You can also chroot so that httpd is running
> in a restricted directory (so they would not
> be able to access any other files).
>
> >
> > Nice feature for some administrators would also be:
> > o a vacation message -- that is mailing list friendly.
> >
>
> This is available in various packages, Procmail (is sort
> of cryptic but it works for this). However for a simple
> vacation message you can just use a generic config and
> the user can just type in a message.
> Again where do you need to be able to do this from??
> - Via a login/telnet/ssh session
> - Via WWW
> - ???
Via WWW.
>
> You can eliminate most of these issues from a linux or
> freebsd firewall.
>
I don't understand this -- do you mean I could extract
parts of existing programs?
Bill
--------------------------------------
If you find this message objectionable
or of questionable authenticity please
contact <support@tasis.ch>.