HTTPS SERVER FOR USER PASSWORD CHANGE
This server provides a safe and friendly way for users to change
their password from a web browser.
The server is simply a front end to commands or scripts that will
perform the real passwords change. This can be used with commands like passwd, yppasswd, smbpasswd, ldappasswd, vncpasswd, ...
Why is this useful
This server was designed for environments were is not easy to persuade users to enter a Linux server and run a command for changing their passwords.
One case where this is useful is when ms-windows users have home directories in samba servers, but don't login to the domain. In this situation some clients don't provide a way for users to change their passwords on the samba server.
This service also makes it possible for users to change their passwords from anywhere on the internet.
The server acts as follows:
- Send the form to the client (web browser).
- When a POST is received (fields "username"; "password";
"newpass1"; "newpass2"), the PAM user authentication is checked using the "username" and "password" fields.
- If authentication is accepted then the server UID/GID are changed to match the user and the external commands are executed (in a pseudo-terminal) to change the user password.
Setting up
Requirements: OPENSSL, PAM, others(?)
- Untar passwdd.tgz and go to directory passwdd just created.
- Run "make" (sorry: no configure available for now)
- Run "make install", this will generate a RSA 512 bits key and the certificate, you will be prompted for some local data.
Then several files will be installed:
- /usr/local/sbin/passwdd (the server binary)
- /usr/local/etc/passwdd.conf (the server configuration file)
- /usr/local/etc/passwdd.prikey (RSA private key)
- /usr/local/etc/passwdd.cert (RSA public key certificate)
- /usr/local/etc/passwdd_form.html (the form to be presented to the user)
- /usr/local/etc/passwdd_ok.html (html page saying the password was changed)
- /usr/local/etc/passwdd_ko.html (html page saying the operation failed)
- /usr/local/etc/passwd.gif (sample icon)
- Configure /usr/local/etc/passwdd.conf (see below)
- Make the server available, either in standalone mode or using inetd/xinetd:
- STANDALONE: run "/usr/local/sbin/passwdd -D", later you will place this on a startup script like "rc.local".
- INETD/XINETD: configure inetd/xinetd/services to run the command "/usr/local/sbin/passwdd"
- Now you can use a web browser to test the service. The server sends messages to the system logger so you can see what is going on.
Command line options
passwdd [-D] [-C filename]
-D - run in standalone mode (in background), default is to run in inetd/xinetd mode.
-C filename - use configuration file "filename", default is /usr/local/etc/passwdd.conf
Configuration file
The sample configuration file has some comments about the available options, all options must start on the first column and are up case:
- PORT number - defines the decimal port number to be used when the service is run in standalone mode. Defaults to the standard https port (443).
- PAM string - PAM service name for user authentication. Defaults to system-auth.
- FORM filename - html file with the form to be presented to users, the form must use the POST method and must contain fields named "username", "password", "newpass1" and "newpass2". Default file is /usr/local/etc/passwdd_form.html.
- OK filename - html file to be presented when the operation is successful. Default is /usr/local/etc/passwdd_ok.html.
- KO filename - html file to be presented when the operation fails. Default is /usr/local/etc/passwdd_ko.html.
- SRC filename - makes the file "filename" (full path required) available on the browser. All filenames will be available at the root of the server (no path). Up to 100 SRC options may be used. Default is no SRC options.
- MINLEN value - sets the minimal password length accepted. Default is 6.
- MINUID value - users with UIDs bellow this value can't change their passwords. Default is 100.
- Options related with external commands
This options must be placed in the correct order (command sequence) and have no defaults.
The first option is always COMMAND command-filename and will make the server run the named command, full-path required, arguments allowed.
The next options deal with the command output and input:
- ASKUSER string - wait for the command to print the string as a prompt for the username, then send the username to the command.
- ASKPASSWD string - wait for the command to print the string as a prompt for the current password, then send the password to the command.
- ASKNEWPASSWD string - wait for the command to print the string as a prompt for the new password, then send the new password to the command.
- SAYSUCCESS string - wait for the command to print the string which means the command was successful. This option terminates (closes) a COMMAND sequence.
The command-filename to be used and the string arguments are up to you, you must check what does the command prompts for and match those prompts with options ASKUSER/ASKPASSWD/ASKNEWPASSWD.
Finally you must check the output of the command on success and match that with the SAYSUCCESS option.
All matches are case sensitive and may be partial, the string argument may be a sub-string of the command output.
Changing multiple passwords
You can use multiple command sequences, in that case they will be performed in the order specified. With multiple command sequences the operation is considered a success only if there is success on all command sequences.
This may take to some inconsistency, if the first command is successful and the second fails, then the user will be told the operation failed but the password related with the first command has changed.
For now, if you require this use you should place first the commands that fail more often.
Changing the HTML files to meet your preferences
All 3 html files can be changed at your will, be careful with the form file, it must have a form with the post method containing 4 fields named "username", "password", "newpass1" and "newpass2".
The html files can have images and references to other documents that may be provided by this server if the SRC option is used.
To-do list
- The only files with static location are the private key and the public certificate, this will be fixed in next release.
- Implementation of an automatic undo for the situation were multiple passwords are changed and the first commands are successful but then one fails.
- Create a configure script.
- In the current version, whatever goes wrong the user will always get the same message (this is the safer way). Possibly in some situations the user should get other messages.