[RCU] Plugin to reset password

Mike Burger mburger at bubbanfriends.org
Tue Apr 30 14:37:30 CEST 2019


On 2019-04-30 04:16, Giles Coochey wrote:
> On 29/04/2019 21:58, Mike Burger wrote:
>> On 2019-04-29 08:51, Giles Coochey wrote:
>>> On 29/04/2019 13:29, Andreas Meyer wrote:
>>>> Hello!
>>>> 
>>>> There is no plugin available to let a user reset her password, 
>>>> right?
>>>> 
>>>> Kind regards
>>>> 
>>>>    Andreas
>>> 
>>> If you think about this, you'll realise that the answer is no.
>>> 
>>> Roundcube is simply using the supplied credentials to the IMAP 
>>> server,
>>> which could be on a completely different machine to the one running
>>> Roundcube.  Therefore, as within the IMAP protocol, there is no API
>>> for changing a user's password Roundcube could not do that by itself.
>>> 
>>> If you're looking for a user self-service method of changing a
>>> password, then you'll need to look at the authentication method used
>>> by your IMAP server and provide a relevant tool at that end, not on
>>> the RoundCube front-end.
>> 
>> Andreas,
>> 
>> As you'll see by way of the two images I've attached, I'm afraid that 
>> the above response is incorrect.
>> 
>> If you can't find it in <path-to-roundcube>/plugins/password, you can 
>> find it at:
>> 
>> https://github.com/roundcube/roundcubemail/tree/master/plugins/password
>> 
> That plugin makes a lot of assumptions (for a lot of use cases it
> assumes that RoundCube is installed on the IMAP server systems itself,
> which is unlikely, Roundcube is likely to be installed in the DMZ/WEB
> tier, whereas mailbox servers are likely to be installed in the APP
> tier, fronted by loadbalancers in the DMZ tier), in many use cases it
> also requires your to write your own password change module - so at
> best it is a skeleton plugin and not ready for easy deployment.

As I noted in my reply to Reindl, it pays to do a little research.

First of all, the password plugin is packaged WITH RCE...as in, in the 
tarball, and part of the base installation.

Second, if you go into the password plugin directory and peruse the 
README file, you'll find that section 2, "Drivers", covers 20 possible 
configurations:

  2. Drivers
  2.1.  Database (sql)
  2.2.  Cyrus/SASL (sasl)
  2.3.  Poppassd/Courierpassd (poppassd)
  2.4.  LDAP (ldap)
  2.5.  DirectAdmin Control Panel (directadmin)
  2.6.  cPanel
  2.6.1.  cPanel WHM (cpanel)
  2.6.2.  cPanel Webmail (cpanel_webmail)
  2.7.  XIMSS/Communigate (ximms)
  2.8.  Virtualmin (virtualmin)
  2.9.  hMailServer (hmail)
  2.10. PAM (pam)
  2.11. Chpasswd (chpasswd)
  2.12. LDAP - no PEAR (ldap_simple)
  2.13. XMail (xmail)
  2.14. Pw (pw_usermod)
  2.15. domainFACTORY (domainfactory)
  2.16. DBMail (dbmail)
  2.17. Expect (expect)
  2.18. Samba (smb)
  2.19. Vpopmail daemon (vpopmaild)
  2.20. Plesk (Plesk RPC-API)
  2.21. Kpasswd

This would seem to indicate, at least to me, that the fine folks who 
maintain RCE feel that its more than a skeleton plugin and is quite 
ready for easy deployment.

-- 
Mike Burger
http://www.bubbanfriends.org

"It's always suicide-mission this, save-the-planet that. No one ever 
just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1


More information about the users mailing list