
Re: [seul-edu] Users Changing their Passwords over web?



Ben,

What I would need to know is what protocols are acceptable
for you, and where they will be changing information from.

You mentioned telnet was not an option, so we would need
to know which methods are an option..
	WWW     - SSL, LDAP, PHP, etc.
	ssh/srp - (then normal tools, or is 'passwd' too odd
		  to students).  Or would you like a menu
		  driven program for multiple features.
		  (password, 
Or do these students need to just access this from the
machine they are currently using.  

Are all the machines on the local network, or do you have
students with dial-in access.

I am still a little confused about what you need..
(It is probably just me..).  But it seems like you
have mixed user level stuff with Administration level
stuff (correct me if I am wrong).

> I users need to be able to change their (after they
> correctly enter their username and password):
> 

User Level needs:
> o change their password -- like userpasswd
> o user information (probably) -- like userinfo
> o set up email forwarding (some staff are required to
> have email but want their messages forwarded somewhere
> else).

Admin level needs:
> o able to restrict access to specific IP address (or a
> range).
> o use a different port than normal http (or at least
> make it firewall filterable somehow).
> 
   - Either option is available.
        1. Changing the port:
           a. Changing the port can be done through the
              httpd config files.
              * Different port will not help if you are being
                cracked into, since they commonly do port scans.
           b. Through Proxy or via port forwarding
              * This allows you to move the port transparently to
                the users..
        2. Filtering via the firewall (this is also commonly where
           you would set up the Proxy or port forwarding).
           * Also you can filter based on IP address ranges.

        3. Other things to be concerned about are:
           1a. CGI scripts/programs
           1b. You can also chroot so that httpd is running
               in a restricted directory (so they would not
               be able to access any other files).

>
> Nice feature for some administrators would also be:  
> o a vacation message -- that is mailing list friendly.
>  

This is available in various packages, Procmail (is sort
of cryptic but it works for this). However for a simple
vacation message you can just use a generic config and
the user can just type in a message.
Again where do you need to be able to do this from??
	- Via a login/telnet/ssh session
	- Via WWW
	- ???

You can eliminate most of these issues from a Linux or
FreeBSD firewall.

Mark

> At least until I install SSL I would also like to
> restrict access to this port to my LAN and ignore
> requests from the Internet.  (Probably even blocking
> them with my firewall too).
> 
> 
> Quoting Doug Loss <dloss@csrlink.net>:
> 
> > Bill Tihen -- TECHNOLOGY wrote:
> > >
> > > I am thinking of the linux account information.
> >
> > > 2) My boss wants to get rid of all the Linux servers.
> > > He is afraid because I am the only computer guy at my
> > > school and if I go on vacation and something goes down
> > > no one will be able to fix it.  None of the local
> > > vendors know Linux -- they all think it is brand new and
> > > will go away in 6 months anyway.
> > >
> > > So the moral of the story is that I need to make
> > > everything as easy as possible even the servers or else
> > > it will go away and become Windows NT.
> > >
> > Take a look at Webmin:
> >
> > <http://www.webmin.com/webmin/>
> >
> > There's also K12Admin and Roster from our projects page, and
> > Authenticated User Community <http://library.advanced.org/27155/> that
> > might be useful to this end.
> >
> > --
> > Doug Loss                 The difference between the right word and
> > Data Network Coordinator  the almost right word is the difference
> > Bloomsburg University     between lightning and a lightning bug.
> > dloss@bloomu.edu                Mark Twain
> > 
> 


-- 
Mark Dalton       CH3-S-CH2 H                      H      O       H
Silicon Graphics, Inc.  |   |                      |       \      |
Eagan, MN 55121         CH2-C-COO    //\ ---C--CH2-C-COO    C-CH2-C-COO
mwd@sgi.com                 |       |  ||   ||     |       //     |
                            NH3      \\/ \ / CH    NH3    O       NH3
                                          NH
My home page: http://www.cbc.umn.edu/~mwd/mwd.html
Cell Biology: http://www.cbc.umn.edu/~mwd/cell.html