Allow users to change their password

Hi everybody.

I used the guide I found at this link: https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql

Everything works very well… but now I face a problem:

users ask me to allow them to change their password but I really don't know how to do it!

Somebody suggested that I install postfixadmin, but it doesn't read the existing data in my "mailserver" MySQL database, although I gave it the correct parameters to connect to that database. Checking it with phpMyAdmin, I noticed that postfixadmin made new and different tables and new data, but postfix is still reading the tables I made by using the guide above (thank God!).

How can I allow people to change their password for example by a web-served interface?

Thank you in advance!

14 Replies

You could try a webmail package like SquirrelMail which supports changing passwords. Roundcube might do that also.

Edit: you could also look at these add-on configuration software options. I haven't used any myself or heard of others using them, so can't give a recommendation.

I already installed squirrelmail but I cannot find the place where I can change the password. Can you indicate it to me?

Thank you

You could take a look at this utility. https://github.com/chip-rosenthal/web-chpass

Please use https + Always use due diligence when dealing with user passwords.

Thank you for your help, but that tool only works with a PAM or LDAP login system.

Those are not my conditions.

I'm in big trouble now, because my users want to change their own passwords and I really don't know how to do it

:cry: :cry: :cry: :cry:

Hi,

I can propose a solution for you. You can try to allow every user on the system to use the passwd command on the server. The only drawback is that they will be able to change other users' password. This is bad, but there is something that you can do about it. For example, you can restrict users to only use the passwd command on their own usernames by allowing them to run a script that changes their password as root. You can allow all the users in your system to use this file by just running a simple command.

Overall, this task follows this concept: Place all your users in the /etc/sudoers file to use a script that allows them to change their own usernames and not others.

To get all the users on your system:

cat /etc/passwd | cut -f1 -d:

Find where the binary of passwd is located:

which passwd

The following file will allow users to change their own passwords, let's call it changepasswd:

#!/bin/bash
# Under sudo, `whoami` prints root, so target the invoking user instead
passwd "${SUDO_USER:-$(whoami)}"

Please make sure that you give it executable permissions with chmod and place it in your $PATH. Your /etc/sudoers file should look something like:

> bob ALL=(root) /usr/bin/changepasswd

Assuming that bob is the username and /usr/bin/passwd is the location of the changepasswd binary you made earlier. To change their own passwords, your clients will just need to type changepasswd. If there are a lot of users on your server, I can make a small script that generates the sudoers files for you.

I hope this helps you in some way. Do not hesitate to ask me for further clarification or suggestions.

@doctorwhorm:

I already installed squirrelmail but I cannot find the place where I can change the password. Can you indicate it to me?

As stated at the previous link, changing passwords in SquirrelMail is handled by a plugin. Supposedly, version 1.5 includes a change_password plugin; if you are using an earlier version of SquirrelMail, try one of these ("Change SQL Password" is probably what you want).

You will need to enable and configure the plugin for its functionality to become available. See the README and INSTALL files for the plugin for instructions.

@f1re_w1re:

Hi,

I can propose a solution for you. You can try to allow every user on the system to use the passwd command on the server. The only drawback is that they will be able to change other users' password. This is bad, but there is something that you can do about it. For example, you can restrict users to only use the passwd command on their own usernames by allowing them to run a script that changes their password as root. You can allow all the users in your system to use this file by just running a simple command.

Overall, this task follows this concept: Place all your users in the /etc/sudoers file to use a script that allows them to change their own usernames and not others.

To get all the users on your system:

cat /etc/passwd | cut -f1 -d:

Find where the binary of passwd is located:

which passwd

The following file will allow users to change their own passwords, let's call it changepasswd:

#!/bin/bash
# Under sudo, `whoami` prints root, so target the invoking user instead
passwd "${SUDO_USER:-$(whoami)}"

Please make sure that you give it executable permissions with chmod and place it in your $PATH. Your /etc/sudoers file should look something like:

> bob ALL=(root) /usr/bin/changepasswd

Assuming that bob is the username and /usr/bin/passwd is the location of the changepasswd binary you made earlier. To change their own passwords, your clients will just need to type changepasswd. If there are a lot of users on your server, I can make a small script that generates the sudoers files for you.

I hope this helps you in some way. Do not hesitate to ask me for further clarification or suggestions.

Thank you so much for your help, but I already knew those commands… those are Linux commands and they refer to real users. My mail server system uses virtual users stored in a MySQL database.

@Vance:

@doctorwhorm:

I already installed squirrelmail but I cannot find the place where I can change the password. Can you indicate it to me?

As stated at the previous link, changing passwords in SquirrelMail is handled by a plugin. Supposedly, version 1.5 includes a change_password plugin; if you are using an earlier version of SquirrelMail, try one of these ("Change SQL Password" is probably what you want).

You will need to enable and configure the plugin for its functionality to become available. See the README and INSTALL files for the plugin for instructions.

YES!!! THANK YOU!!! This is what I really needed!

My only problem now is how to configure it to make the correct queries into my database. The database I made is the same explained in the guide above:

https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql

I think I would have to change something among the various settings in config.php. Could you help me, please?

I can't promise that the below is correct. I based it on looking at the configuration options in the "Change SQL Password" plugin, not the change_password one included with SquirrelMail 1.5. The table and column references correspond to those in the Linode guide. There is a good chance it will need some work but it should serve as a starting point.

// Replace mailuserpass with the password you chose when creating the database
$csp_dsn = 'mysql://mailuser:mailuserpass@localhost/mailserver';

$lookup_password_query = 'SELECT count(*) FROM virtual_users WHERE email = "%1" AND password = %4';

$password_update_queries = array( 'UPDATE virtual_users SET password = %4 WHERE email = "%1"' );

$password_encryption = 'MYSQLENCRYPT';

$csp_salt_query = 'SELECT SUBSTRING_INDEX(password, "$", 3) FROM virtual_users WHERE email = "%1"';

// Use this to force users to do password changes over HTTPS
$csp_secure_port = 443;
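
The flow that the salt query and lookup query above imply, as an added shell example that is not code from this thread or from the plugin: take the `$6$<salt>` prefix of the stored hash, re-hash the submitted password with it, compare, and only then produce a hash with a fresh salt. It assumes the stored values are SHA-512 crypt strings of the form `$6$salt$hash` and that OpenSSL 1.1.1 or later is installed; the function names and sample values are constructed.

```shell
#!/bin/sh
# Added example on constructed data; assumes OpenSSL 1.1.1+ for `passwd -6`.

# Same result as SUBSTRING_INDEX(password, "$", 3): the "$6$<salt>" prefix.
salt_prefix() {
    printf '%s\n' "$1" | cut -d'$' -f1-3
}

# SHA-512 crypt of $1 with bare salt $2. The password is fed on stdin so it
# does not show up in the process list.
hash_with_salt() {
    printf '%s\n' "$1" | openssl passwd -6 -salt "$2" -stdin
}

# Re-hash the candidate ($1) with the salt of the stored hash ($2), compare.
verify_password() {
    case "$2" in
        '$6$'*) ;;            # only SHA-512 crypt strings are accepted
        *) return 1 ;;
    esac
    salt=$(salt_prefix "$2" | cut -d'$' -f3)
    [ -n "$salt" ] || return 1
    [ "$(hash_with_salt "$1" "$salt")" = "$2" ]
}

# Check the old password ($2) against the stored hash ($1); on success print
# the hash of the new password ($3) under a fresh random 16-character salt.
change_password() {
    verify_password "$2" "$1" || return 1
    hash_with_salt "$3" "$(openssl rand -hex 8)"
}

# Constructed sample row: password 'old-secret', salt '0123456789abcdef'.
stored=$(hash_with_salt 'old-secret' '0123456789abcdef')
if new=$(change_password "$stored" 'old-secret' 'new-secret'); then
    echo "value for the UPDATE: $new"
else
    echo "old password did not match"
fi
```

The printed value is what an UPDATE on the password column would store; hand it to the database as a bound parameter rather than pasting it into the query text.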

@Vance:

I can't promise that the below is correct. I based it on looking at the configuration options in the "Change SQL Password" plugin, not the change_password one included with SquirrelMail 1.5. The table and column references correspond to those in the Linode guide. There is a good chance it will need some work but it should serve as a starting point…..

Thanks a lot! I will try to work on it… I hope I could count on your help whenever I may need some other help.

Thanks again.

I tried the steps you wrote,

Something happens but the problem is that I cannot see anything more after login, just a white page.

Whenever I enter again the ./conf.pl and I remove the change-sql plugin, I can see again my webmail page.

Any suggestion or advice?

I was trying to understand anything in sql commands but I have to admit that it's not my competence. I really don't understand a bit of that! I don't know how to handle sql commands and calls… I need help please.

This is what I made:

First I went to /usr/share/squirrelmail/plugins/change-sqlpass

and I edited config.php, changing it as follows:

$csp_dsn = 'mysql://mailuser:mailpass@localhost/mailserver';     **I changed the user and the password of course --

$lookup_password_query = 'SELECT count(*) FROM virtual_users WHERE email = "%1" AND password = %4';

$password_update_queries = array('UPDATE virtual_users SET password = %4 WHERE email = "%1"');

$password_encryption = 'MYSQLENCRYPT';

$csp_salt_query = 'SELECT SUBSTRING_INDEX(password, "$", 3) FROM virtual_users WHERE email = "%1"';

$csp_secure_port = 443;

Then I went to /usr/share/squirrelmail/config and I ran ./conf.pl

I chose the 8th item to manage plugins, then I hit 5 to activate the change-sqlpass.

So I hit S to save and Q to quit.

At this point I tried http://www.mysite.eu/squirrelmail

I could access the login, but after that I got a white page.

Going again to config by ./conf.pl I deactivated the change-sqlpass and save again…

Now I can see again my webmail.

What is happening?

Sorry, I don't have SquirrelMail installed so I can't give you a detailed step-by-step guide. Perhaps someone else can help here, or you can see if the SquirrelMail support lists can help.

If you followed the Linode guide, your database configuration will have the following values.

MySQL username: mailuser

MySQL password: (whatever password you chose when creating the database)

MySQL database name: mailserver

MySQL user table name: virtual_users

MySQL column containing e-mail addresses: email

MySQL column containing passwords: password

E-mail password encryption: MYSQLENCRYPT [MySQL ENCRYPT() using SHA-512]
