Webpwd 0.3

Announcements of packages that are now released.

Postby dRB » Fri Jan 25, 2008 5:00 pm

^_^ well, my first "official" package release. (considering all other releases have been non-package installs)

Webpwd v0.3.4

<span style='font-size:8pt;line-height:100%'>EDIT: 31-jan-2008 21:05 (0.3.4)</span>
<span style='font-size:8pt;line-height:100%'>EDIT: 29-jan-2008 00:20 (0.3.3)</span>
<span style='font-size:8pt;line-height:100%'>EDIT: 27-jan-2008 19:20 (0.3.2)</span>
<span style='font-size:8pt;line-height:100%'>EDIT: 26-jan-2008 19:20 (0.3.1)</span>

... a secure (HTTPS) web based password change form.
Image

based on Dingetje's Webpwd 0.2p2, this version has been revamped with Courier users in mind.

0.3.x continues to incorporate mini_httpd, with a complete rewrite of webpwd, allowing greater flexibility.
Webpwd 0.3.4 is a secure (HTTPS) web based password change form.

Explicitly customized for use with FREESCO with support for COURIER IMAP/POP3 (enabled by default).

Additionally, webpwd implements directory password protection (enabled by default), using ht_authentication, for both a web mail entrance page and the Webpwd entrance page, thus strengthening user and system security.

If enabled, "Email" user/pw pairs are shadowed from the /etc/passwd file into htpasswd files, as defined in the configuration.

Upon a successful password change, and if enabled, Webpwd immediately sync's the htpasswd files, & Courier's user dbs.

mini_httpd logs in /usr/local/mini_httpd/logs

Default port used is 83, which is blocked from the internet in the rc_webpwd script. To change the port you'll need to edit both this script (firewall rule) and the mini_httpd_conf file. You can use rc_webpwd setup command to edit the latter.

Some accounts are blocked from using the form, as defined in the configuration file.

Incorporates detailed error messaging system.

The web form is located in /usr/local/webpwd/www/


In short:
Webpwd 0.3.4 can be used with or without Courier, but defaults to use with Courier

I considered the following as a default example, based on my setup:
*  /boot/webmail/    ##web mail path
*  /boot/webmail/.htaccess    ##for web mail
*  /boot/web_passwd/.htpasswd    ##for web mail
*  /usr/local/webpwd    ##Webpwd path
*  /usr/local/webpwd/www/.htpasswd    ##for Webpwd


The man page gives a greater configuration break down, which is found in the webpwd man sub directory
/usr/local/webpwd/www/man/webpwd.1.html


Configuration shorts:
#To edit the Webpwd configuration:
rc_webpwd cfgedit

#To edit the links that appear on Webpwd
rc_webpwd urledit


Required:
*Perl
*OpenSSL
Optional:
*Courier (if sync'ing with courier user dbs is required)
*Squirrel (or some web mail app -- if using htpasswd authentication and web mail)

Installation:
Code: Select all
pkg -i http://www.rbtd.com/packages/webpwd-0.3.4-drb


Let me know how this works ... installation and all ... I've tested the installer and the package, with success.


/dRB

P.S.
kudos to Lightning for scripting a most excellent packager. makes life so much easier

and kudos to Dingetje for that fine example installer script

:wub:
Please bear with me ... I seemed to have lost my marbles.
User avatar
dRB
Junior Advanced Member
 
Posts: 196
Joined: Tue Apr 30, 2002 2:08 am
Location: Dryden, Ontario. CANADA

Postby Zedde » Sat Jan 26, 2008 12:01 pm

dRB wrote: Configuration shorts:
#TRUE=disable courier and htpasswd integration
$standalone=FALSE;

#location of password file for webmail application use
#...empty string to disable this feature
$htpwf1="/boot/web_passwd/.htpasswd";

#location of htaccess file for webmail application use
$htaccf="/boot/webmail/.htaccess";

#location of password file for webpwd use
#...empty string to disable this feature
$htpwf2="/usr/local/webpwd/www/.htpasswd";

#list of user account NOT PERMITTED ACCESS to passwd changing
#...should be complete in its current format
@forbidden = qw(root admin nobody <etc>);

Hmmm Where do I set that conf ?
"From now until the end of the world,
we and it shall be remembered.
We few, we Band of Brothers.
For he who sheds his blood with me shall be my brother."
User avatar
Zedde
Junior Advanced Member
 
Posts: 161
Joined: Mon May 20, 2002 3:38 pm
Location: Sweden

Postby dRB » Sat Jan 26, 2008 2:13 pm

:)
as identified in the man page...
[/usr/local/webpwd/www/cgi/pw2htpw.cgi]

I've also edited the above post to reflect this info

/dRB
Please bear with me ... I seemed to have lost my marbles.
User avatar
dRB
Junior Advanced Member
 
Posts: 196
Joined: Tue Apr 30, 2002 2:08 am
Location: Dryden, Ontario. CANADA

Postby dRB » Sun Jan 27, 2008 5:35 am

:D updated
install path:
Code: Select all
pkg -i http://www.rbtd.com/packages/webpwd-0.3.4-drb


Webpwd v0.3.4
1. removed the restrictions in place for some non-ascii password chars
2. updated config file format with greater readability
3. fixed issue with file lock that was removed prior to end of processing
4. added flag to redundant password changing
5. updated man page

Webpwd v0.3.3
1. fixed encryption bug which affected authentication procedure
2. added user/password minimum limits to config file, for edit via rc_webpwd
3. updated man page

Webpwd v0.3.2
1. fixed post install code now calls rc_masq restart
2. fixed incorrect man page link in error screens
3. added taint checks for passwords and user id
4. added config files can now be edited from rc_webpwd call
5. lowered user name minimum limit to 1
6. updated man page

Webpwd v0.3.1
much better scripting, with changes and fixes...

1. fixed small bug in user/pw shadowing, which posed NO security risk
2. fixed restriction for user name min and max limits: 2char min, no max
2. incorporates a detailed error messaging system
3. some cosmetic changes

I've edited the initial release announcement to better reflect updated info

/dRB
Please bear with me ... I seemed to have lost my marbles.
User avatar
dRB
Junior Advanced Member
 
Posts: 196
Joined: Tue Apr 30, 2002 2:08 am
Location: Dryden, Ontario. CANADA

Postby dRB » Tue Jan 29, 2008 1:23 am

bump.

updated release to 0.3.3

/dRB
Please bear with me ... I seemed to have lost my marbles.
User avatar
dRB
Junior Advanced Member
 
Posts: 196
Joined: Tue Apr 30, 2002 2:08 am
Location: Dryden, Ontario. CANADA

Postby dRB » Thu Jan 31, 2008 9:33 pm

bump

updated release to 0.3.4

/dRB
Please bear with me ... I seemed to have lost my marbles.
User avatar
dRB
Junior Advanced Member
 
Posts: 196
Joined: Tue Apr 30, 2002 2:08 am
Location: Dryden, Ontario. CANADA


Return to 3rd Party Package Release Announcements

Who is online

Users browsing this forum: No registered users and 4 guests

cron