Re: [Hampshire] Changing user passwords without shell access

Author: Damian Brasher
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Changing user passwords without shell access
Adrian wrote:
> I think I'd be inclined to go with the web interface myself.
>


I agree, one way (perhaps the most thorough) to achieve this would be to
use LDAP as your user database managed by the admin. I use phpldapadmin as
well as bash to manage users and once I had LDAP running moved all
user accounts over to it. LDAP is great as it has flexibility across
networks.

I used authconfig to switch over to LDAP then removed accounts from the
Linux user accounts /etc/passwd /etc/group and so on with userdel but the
POSIX accounts now exist in LDAP. You can have both but it is tidier to
keep the accounts in one place.

To allow users to change passwords I then set up HTTPS using Apache and
htaccess - htaccess with LDAP is fantastic - as soon as a user changes
their password for server access to whichever services are provided the
htaccess also changes.

With PHP enabled in Apache and installed on your server I have a set of
scripts residing in /var/www which handle the password change mechanism
which hooks into LDAP. The user needs to authenticate against LDAP then
they can change their password with an extremely simple interface.

This has several layers of security as you can see. If you are interested
in the PHP scripts I can make them available on my website later today or
tomorrow - I need to check them first and they are modified and translated
from Danish (by me & Babel Fish) scripts released by a Danish UNIX sys
admin - however I have mislaid his site.

Damian B

--
Damian Brasher
www.interlinux.co.uk
All mail scanned by clam-av http://www.clamav.net/
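
An added example, not part of the original message and not the scripts it mentions: a minimal PHP handler for the flow described above, where the user authenticates against LDAP and then changes their own password. The server URI, the base DN, the uid-based DN layout, the form field names and the minimum length are assumptions made for illustration.

```php
<?php
// Added example. Hypothetical values: adjust to your own directory.
const LDAP_URI    = 'ldaps://ldap.example.org';      // assumed server, TLS only
const PEOPLE_BASE = 'ou=People,dc=example,dc=org';   // assumed DN layout
const MIN_LENGTH  = 12;                              // assumed local policy

function change_ldap_password(string $login, string $old, string $new, string $confirm): string
{
    // An empty password turns a simple bind into an unauthenticated bind,
    // which many servers report as success, so refuse it before touching LDAP.
    if ($login === '' || $old === '') {
        return 'Login and current password are required.';
    }
    if ($new !== $confirm) {
        return 'New passwords do not match.';
    }
    if (strlen($new) < MIN_LENGTH || $new === $old) {
        return 'New password is too short or the same as the old one.';
    }

    // Escape the login so it cannot alter the DN it is placed in.
    $dn = 'uid=' . ldap_escape($login, '', LDAP_ESCAPE_DN) . ',' . PEOPLE_BASE;

    $ldap = ldap_connect(LDAP_URI);
    if ($ldap === false) {
        return 'Directory unavailable.';
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // Bind as the user, not as an admin: the directory's own ACLs then
    // limit this script to changing that user's password and nothing else.
    if (!@ldap_bind($ldap, $dn, $old)) {
        ldap_unbind($ldap);
        return 'Login or current password incorrect.';
    }

    // Password Modify extended operation: the server hashes the new value.
    $ok = @ldap_exop_passwd($ldap, $dn, $old, $new);
    ldap_unbind($ldap);
    return $ok === true ? 'Password changed.' : 'Password change refused by the directory.';
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $msg = change_ldap_password($_POST['login'] ?? '', $_POST['old'] ?? '',
                                $_POST['new'] ?? '', $_POST['confirm'] ?? '');
    echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
}
```

This needs the PHP ldap extension and PHP 7.2 or later for ldap_exop_passwd(), and the page should only be served over HTTPS as the message describes.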