Could it be possible to build a change password feature to the RoundCube? I have users who don't have (or never will have) shell access so this is the single most important feature needed to change my RounCube to my primary webmail.
Is there a mechanism via IMAP that allows for the changing of passwords without shell access? I too would like this feature because trying to service a lot of users is hairy.
Geuis
On 12/8/05, Kari Päivärinta kari.paivarinta@viivatieto.fi wrote:
Could it be possible to build a change password feature to the RoundCube? I have users who don't have (or never will have) shell access so this is the single most important feature needed to change my RounCube to my primary webmail.
-- Kari Päivärinta
There's no IMAP change password command as far as I know. Eudora et. al. have always used a separate protocol for changing passwords, requiring that "poppassd" be running on the mail server.
http://echelon.pl/pubs/poppassd.html
It uses PAM, so you can use it to change LDAP, system, Samba, etc passwords.
That's probably the best bet for a password change plugin, although it introduces a new server dependency. The only other way I've found of changing passwords via the web (besides direct LDAP queries, which I use) is via an suid root CGI, which would introduce all kinds of bad dependency/configuration/security issues - not something I'd recommend for RC.
-j
On Thu, 2005-12-08 at 08:30 -0500, Geuis Teses wrote:
Is there a mechanism via IMAP that allows for the changing of passwords without shell access? I too would like this feature because trying to service a lot of users is hairy.
Geuis
On 12/8/05, Kari Päivärinta kari.paivarinta@viivatieto.fi wrote:
Could it be possible to build a change password feature to the RoundCube? I have users who don't have (or never will have) shell access so this is the single most important feature needed to change my RounCube to my primary webmail. -- Kari Päivärinta
If you have an immediate need for password changing via the web, I've used this suid CGI successfully:
http://www.redhat.com/archives/pam-list/2000-January/msg00059.html
Note that you'll have to create a new "webpasswd" service in your pam configuration directory.
Not an optimal long-term solution, though. See the WARNING WARNING WARNING block in the header comments. You'll probably want to rename it, put it at some obscure URL and not publicly link to it as a precaution.
-j
On Thu, 2005-12-08 at 14:09 +0200, Kari Päivärinta wrote:
Could it be possible to build a change password feature to the RoundCube? I have users who don't have (or never will have) shell access so this is the single most important feature needed to change my RounCube to my primary webmail.
I have seen qmailadmin used with qmail (qmail-imap) servers in the past for managing the users of a domain. Is there a chance of perhaps migrating something of this sort into RC? (IE- if you login to RC as postmaster, then you can edit users, etc.)
Besides adding username and passwords, it also maintains "aliases, forwards, mailing lists and auto responders".
http://www.inter7.com/index.php?page=qmailadmin
According to their site, it is compatible with sqwebmail. I wonder what this "compatibility" is.
*Other packages compatible with qmailadmin:*
* vpopmail <http://www.inter7.com/index.php?page=vpopmail> : virtual
domain package for qmail
* vqregister <http://www.inter7.com/index.php?page=vqregister> : cgi
email signup program
* vqadmin <http://www.inter7.com/index.php?page=vqadmin> : a system
wide admin interface. Allows for addition and deletion of domains.
Supports multiple admins accessing user accounts and domains
* sqwebmail <http://www.courier-mta.org/sqwebmail/> : a hotmail like
web mail interface by MrSam
* Courier-IMAP <http://www.courier-mta.org/imap/>
Kevin L.
Jeremy Jongsma wrote:
There's no IMAP change password command as far as I know. Eudora et. al. have always used a separate protocol for changing passwords, requiring that "poppassd" be running on the mail server.
http://echelon.pl/pubs/poppassd.html
It uses PAM, so you can use it to change LDAP, system, Samba, etc passwords.
That's probably the best bet for a password change plugin, although it introduces a new server dependency. The only other way I've found of changing passwords via the web (besides direct LDAP queries, which I use) is via an suid root CGI, which would introduce all kinds of bad dependency/configuration/security issues - not something I'd recommend for RC.
-j
On Thu, 2005-12-08 at 08:30 -0500, Geuis Teses wrote:
Is there a mechanism via IMAP that allows for the changing of passwords without shell access? I too would like this feature because trying to service a lot of users is hairy.
Geuis
On 12/8/05, *Kari Päivärinta* <kari.paivarinta@viivatieto.fi mailto:kari.paivarinta@viivatieto.fi> wrote:
Could it be possible to build a change password feature to the RoundCube? I have users who don't have (or never will have) shell access so this is the single most important feature needed to change my RounCube to my primary webmail. -- Kari Päivärinta
-- Jeremy Jongsma jeremy@jongsma.org mailto:jeremy@jongsma.org http://jongsma.org
On 12/8/05, *Kari Päivärinta* <kari.paivarinta@viivatieto.fi mailto:kari.paivarinta@viivatieto.fi> wrote:
Could it be possible to build a change password feature to the RoundCube? I have users who don't have (or never will have) shell access so this is the single most important feature needed to change my RounCube to my primary webmail. -- Kari Päivärinta
Geuis Teses wrote:
Is there a mechanism via IMAP that allows for the changing of passwords without shell access? I too would like this feature because trying to service a lot of users is hairy.
Geuis
We have our user information stored in MySQL. The Squirrelmail plugin is just an interface to that.
Hi Kari P?iv?rinta, On Thu, Dec 08, 2005 at 02:09:34PM +0200 you wrote something like:
Could it be possible to build a change password feature to the RoundCube? I have users who don't have (or never will have) shell access so this is the single most important feature needed to change my RounCube to my primary webmail.
I have to say, I don't think that a mail client should have access to change the passwords; it produces an awful lot of dependencies on the server side. Instead, each service should produce their own method of changing passwords in a way which makes sense to their password databases.
Craig Webster | t: +44 (0)131 516 8595 | e: craig@xeriom.net Xeriom.NET | f: +44 (0)709 287 1902 | w: http://xeriom.net
On Thu, 8 Dec 2005 17:16:34 +0000, Craig Webster craig@xeriom.net wrote:
Hi Kari P?iv?rinta, On Thu, Dec 08, 2005 at 02:09:34PM +0200 you wrote something like:
Could it be possible to build a change password feature to the RoundCube? I have users who don't have (or never will have) shell access so this is the single most important feature needed to change my RounCube to my primary webmail.
I have to say, I don't think that a mail client should have access to change the passwords; it produces an awful lot of dependencies on the
I'm totally in agreement with this, Roundcubemail is supposed to be a webmail client, not a full fledged web/server/email/smtp/spam/virus implementation, something that Novell's Hula is supposed to be; it's a webmail client, and the best one out there yet IMHO. Look at the about page: http://www.roundcube.net/?p=about there's nothing on there that says it wants to be anything more, and I for one hope that doesn't change, the focus should be on useabilty and functionality within a client webmail realm; not OS level functions. If you want/need to change user passwords, I'd recomment something like Webmin - or some homegrown password change webpage, though I wouldn't trust it to be secure. I dont' think Roundcube is ready to jump into any Corp environments, so I don't see a need to do anything beyond that yet. I would hope in the future that they're be a sep project, an admin gateway that would compliment Roundcube - but again, with all the backends being so disparate, who k nows how many functions it would have to cover. Again, I don't want those admin features in a web client, but would see it being a sep/complimentary project.
http://fak3r.com - you don't have to kick it
I have to say, I don't think that it would be very userfriendly for our customers to have a second separate systems just to change password. "I'm having this great myrandommail.com account which has excellent webmail, but if I want to change my password once a year I have to go to some other passwd.myrandommail.com-site and there I can change my password."
OK, it's not a pure mail client feature, but as webmail for some cases is the only client to access mail it wouldn't do harm if it included the password change option. For example I have mail accounts for my family (yes, grandma too), friends and so on.. I don't want to teach each of them aging from 13 to 80(?) how to use SSH to just change their webmail password. Neither do I see that it would be a good solution for them or to me as an administrator to set up Webmin (or likes) complicated gizmos for such a (seamingly) simple task. And let me quote you here: "I wouldn't trust it to be secure.".
After posting this request I thought more of it and remembered that as RC is using IMAP to connect perhaps remote mailservers there isn't allways the connection to server itself on any other level than IMAP. This makes the password feature seem to be quite obsolete and far fetched to build in this remote mail client. But on the other hand I see the usage just like all my webmail installations where the webmail is running even on the mailserver itself. And I tend to think that more often the system is being used to access "local" mail than remote.
Against these thoughts I find your comment "not a full fledged web/server/email/smtp/spam/virus implementation" a bit unfair as I'm just querying for an obvious and rather (seamingly) simple feature for a system that is going to be the only boundary between my systems (which are taking care of webserver, smtp, spam and virus etc.) and the users who just want to read their email and once a year (atleast, I hope) to change their password. It's shouldn't be an "admin feature" to change your own personal password.
So webmail will be their only system, I'm not going to use any other "webmins". I just wish that it could be somehow implemented within the webmail and if it's not going to be "mainstream" I can make my own modifications there - no problem. I've just learned to keep my own mods as few as possible with openwebmail which is the system I now want to replace because with the quantity of mods I need to be doing there practically disables future updates.
So far RC is very promising and I just love the simplicity of it (versus the few thousand insignificant options of openwebmail that it's trying to thow at simple users face). It's just lacking the password changing feature to get being used for all my noncommercial users. And by the way it's implemented I don't even expect it from it but it would certainly be a bonus.
RC <3
-- Kari
PS: Sorry. :)
phil wrote:
On Thu, 8 Dec 2005 17:16:34 +0000, Craig Webster craig@xeriom.net wrote:
Hi Kari P?iv?rinta, On Thu, Dec 08, 2005 at 02:09:34PM +0200 you wrote something like:
Could it be possible to build a change password feature to the RoundCube? I have users who don't have (or never will have) shell access so this is the single most important feature needed to change my RounCube to my primary webmail.
I have to say, I don't think that a mail client should have access to change the passwords; it produces an awful lot of dependencies on the
I'm totally in agreement with this, Roundcubemail is supposed to be a webmail client, not a full fledged web/server/email/smtp/spam/virus implementation, something that Novell's Hula is supposed to be; it's a webmail client, and the best one out there yet IMHO. Look at the about page: http://www.roundcube.net/?p=about there's nothing on there that says it wants to be anything more, and I for one hope that doesn't change, the focus should be on useabilty and functionality within a client webmail realm; not OS level functions. If you want/need to change user passwords, I'd recomment something like Webmin - or some homegrown password change webpage, though I wouldn't trust it to be secure. I dont' think Roundcube is ready to jump into any Corp environments, so I don't see a need to do anything beyond that yet. I would hope in the future that they're be a sep project, an admin gateway that would compliment Roundcube - but again, with all the backends being so disparate, who k nows how many functions it would have to cover. Again, I don't want those admin features in a web client, but would see it being a sep/complimentary project.
P
http://fak3r.com - you don't have to kick it
You are right that it would be a very nice feature, a nice-to-have and logical to put in a webmail-client. However; the feature isn't available with IMAP; so it is impossible to build. If you want it that hard; it might be a good idea to focus on how to integrate an external application (a password changer) in RoundCube, which would be a nice question and it would be good if there would be an howto on modifying templates, and adding (custom) functionality to RoundCube.
Sjon
From my point of view, RC NEVER should do something like this for regular
users. Only an administrator (when an admin interface is implemented) should do that.
If that feature is required, it should be implemented as a plugpin with direct access to the database.
Regards,
-- Andres Jimenez
As a bit of a poll, how many people on this list using roundcube have Cpanel as a backend? i.e. this is how you manage your user accounts and passwords.
On 12/9/05, Andres Jimenez gandresin@gmail.com wrote:
From my point of view, RC NEVER should do something like this for regular users. Only an administrator (when an admin interface is implemented) should do that.
If that feature is required, it should be implemented as a plugpin with direct access to the database.
Regards,
-- Andres Jimenez
I don´t use Cpanel, but Direct Admin. An alternative -very good indeed- to Cpanel...
Geuis Teses geuis.teses@gmail.com wrote: As a bit of a poll, how many people on this list using roundcube have Cpanel as a backend? i.e. this is how you manage your user accounts and passwords.
On 12/9/05, Andres Jimenez gandresin@gmail.com wrote: From my point of view, RC NEVER should do something like this for regular users. Only an administrator (when an admin interface is implemented) should do that.
If that feature is required, it should be implemented as a plugpin with direct access to the database.
Regards,
On Fri, 9 Dec 2005 08:42:31 -0500, Geuis Teses geuis.teses@gmail.com wrote:
As a bit of a poll, how many people on this list using roundcube have Cpanel as a backend? i.e. this is how you manage your user accounts and passwords.
Not us. We wrote our own control panel and plan to provide web services which will allow users to write their own user-level control panel if that is what they desire.
Craig Webster | t: +44 (0)131 516 8595 | e: craig@xeriom.net Xeriom.NET | f: +44 (0)709 287 1902 | w: http://xeriom.net
Xeriom Networks: Roundcube webmail, PHP5, Ruby, MySQL and lots more. Web hosting, dedicated servers and colocation. http://xeriom.net/
Why is this thread going that way? Some day, there will be an option to add your own plugins/addons/or so.
IMHO what will be useful, or not, this should be always my or yours decision, so I why not just leave it?
Wojtek
Kari I appreciate your response and hope you understand that my viewpoint is in no way a personal attack towards you, just ideas on how I think RC should develop. I understand your concerns of supporting your clients, and how "other" webmail solutions provide password changing - however I don't think RC should have a feature just because others do. My feeling is there's a lot more important core things that need to be addressed, while there are secure web-based passwd changing utilities out there.
http://www.unicom.com/sw/web-chpass/ http://changepassword.sourceforge.net/ http://www.wagemakers.be/english/programs/cgipaf http://freshmeat.net/projects/cypr/
If I were you I'd grab one of those, (this one looks the simplest and most complete: http://changepassword.sourceforge.net/img1.jpg) get it working, copy the code out of the working page, copy RC's login page, rework it with the passwd-changing code - then create a link under 'Personal Settings' to point to your new page. That would solve your concerns of user experience, as well as security. Then you could release it as a patch or plugin for others to try.
I'm in complete agreement that other wemail projects (openwebmail and squirrelmail) has suffered from way too many plugin options, but I approve of how none of them are included in the default install (squirrelmail), they're all option and they change in response to the project - the project doesn't change in response to the plugins.
P
On Fri, 09 Dec 2005 10:22:54 +0200, Kari Päivärinta kari.paivarinta@vtoasp.net wrote:
I have to say, I don't think that it would be very userfriendly for our customers to have a second separate systems just to change password. "I'm having this great myrandommail.com account which has excellent webmail, but if I want to change my password once a year I have to go to some other passwd.myrandommail.com-site and there I can change my password."
OK, it's not a pure mail client feature, but as webmail for some cases is the only client to access mail it wouldn't do harm if it included the password change option. For example I have mail accounts for my family (yes, grandma too), friends and so on.. I don't want to teach each of them aging from 13 to 80(?) how to use SSH to just change their webmail password. Neither do I see that it would be a good solution for them or to me as an administrator to set up Webmin (or likes) complicated gizmos for such a (seamingly) simple task. And let me quote you here: "I wouldn't trust it to be secure.".
After posting this request I thought more of it and remembered that as RC is using IMAP to connect perhaps remote mailservers there isn't allways the connection to server itself on any other level than IMAP. This makes the password feature seem to be quite obsolete and far fetched to build in this remote mail client. But on the other hand I see the usage just like all my webmail installations where the webmail is running even on the mailserver itself. And I tend to think that more often the system is being used to access "local" mail than remote.
Against these thoughts I find your comment "not a full fledged web/server/email/smtp/spam/virus implementation" a bit unfair as I'm just querying for an obvious and rather (seamingly) simple feature for a system that is going to be the only boundary between my systems (which are taking care of webserver, smtp, spam and virus etc.) and the users who just want to read their email and once a year (atleast, I hope) to change their password. It's shouldn't be an "admin feature" to change your own personal password.
So webmail will be their only system, I'm not going to use any other "webmins". I just wish that it could be somehow implemented within the webmail and if it's not going to be "mainstream" I can make my own modifications there - no problem. I've just learned to keep my own mods as few as possible with openwebmail which is the system I now want to replace because with the quantity of mods I need to be doing there practically disables future updates.
So far RC is very promising and I just love the simplicity of it (versus the few thousand insignificant options of openwebmail that it's trying to thow at simple users face). It's just lacking the password changing feature to get being used for all my noncommercial users. And by the way it's implemented I don't even expect it from it but it would certainly be a bonus.
RC <3
-- Kari
PS: Sorry. :)
phil wrote:
On Thu, 8 Dec 2005 17:16:34 +0000, Craig Webster craig@xeriom.net
wrote:
Hi Kari P?iv?rinta, On Thu, Dec 08, 2005 at 02:09:34PM +0200 you wrote something like:
Could it be possible to build a change password feature to the RoundCube? I have users who don't have (or never will have) shell access so this is the single most important feature needed to change my RounCube to my primary webmail.
I have to say, I don't think that a mail client should have access to change the passwords; it produces an awful lot of dependencies on the
I'm totally in agreement with this, Roundcubemail is supposed to be a
webmail client, not a full fledged web/server/email/smtp/spam/virus implementation, something that Novell's Hula is supposed to be; it's a webmail client, and the best one out there yet IMHO. Look at the about page: http://www.roundcube.net/?p=about there's nothing on there that says it wants to be anything more, and I for one hope that doesn't change, the focus should be on useabilty and functionality within a client webmail realm; not OS level functions. If you want/need to change user passwords, I'd recomment something like Webmin - or some homegrown password change webpage, though I wouldn't trust it to be secure. I dont' think Roundcube is ready to jump into any Corp environments, so I don't see a need to do anything beyond that yet. I would hope in the future that they're be a sep project, an admin gateway that would compliment Roundcube - but again, with all the backends being so disparate, who k
nows how many functions it would have to cover. Again, I don't want
those admin features in a web client, but would see it being a sep/complimentary project.
P
http://fak3r.com - you don't have to kick it
-- http://fak3r.com - you don't have to kick it
On Fri, 09 Dec 2005 07:31:36 -0800, Jonathan Nichols jnichols@pbp.net wrote:
Geuis Teses wrote:
As a bit of a poll, how many people on this list using roundcube have Cpanel as a backend? i.e. this is how you manage your user accounts and passwords.
No Cpanel here. Mail user accounts are stored in mysql.
Take a look at this:
http://freshmeat.net/projects/phpmailadmin/
"phpMailAdmin is a Web-based mail administration interface, designed to be a full interface to setup domains, accounts, and set password. This interface is specifically designed to work with the PostFix, MySQL, and Courier IMAP installation noted on http://www.postfix.org, done by Lucas Peet."
http://fak3r.com - you don't have to kick it
Amen!
I think everybody agrees that things like
directory, edirectory, ...)
should all be implemented (preferrably just as frontends) in plugins, and not all be part of the core of RoundCube. (Almost) all of these things are great additions, don't get me wrong, but not for the core.
As far as I know, somebody is working already on a plugin-api. As soon as that hits it's alpha stage, things like this could be implemented, at least as "a proof of concept" of the plugin-api.
Just my 2 cents... :-)
phil schreef:
On Thu, 8 Dec 2005 17:16:34 +0000, Craig Webster craig@xeriom.net wrote:
Hi Kari P?iv?rinta, On Thu, Dec 08, 2005 at 02:09:34PM +0200 you wrote something like:
Could it be possible to build a change password feature to the RoundCube? I have users who don't have (or never will have) shell access so this is the single most important feature needed to change my RounCube to my primary webmail.
I have to say, I don't think that a mail client should have access to change the passwords; it produces an awful lot of dependencies on the
I'm totally in agreement with this, Roundcubemail is supposed to be a webmail client, not a full fledged web/server/email/smtp/spam/virus implementation, something that Novell's Hula is supposed to be; it's a webmail client, and the best one out there yet IMHO. Look at the about page: http://www.roundcube.net/?p=about there's nothing on there that says it wants to be anything more, and I for one hope that doesn't change, the focus should be on useabilty and functionality within a client webmail realm; not OS level functions. If you want/need to change user passwords, I'd recomment something like Webmin - or some homegrown password change webpage, though I wouldn't trust it to be secure. I dont' think Roundcube is ready to jump into any Corp environments, so I don't see a need to do anything beyond that yet. I would hope in the future that they're be a sep project, an admin gateway that would compliment Roundcube - but again, with all the backends being so disparate, who k nows how many functions it would have to cover. Again, I don't want those admin features in a web client, but would see it being a sep/complimentary project.
P
http://fak3r.com - you don't have to kick it
I know there was some talk of these things before, but is anyone working on:
never made it into the cvs)
~Brian
this isn't real promising:
dlg@scotty:~$ telnet lists.roundcube.net 25 Trying 195.159.29.201... Connected to lists.roundcube.net. Escape character is '^]'. 220 mail.maildialog.com ESMTP helo a 250 mail.maildialog.com mail from: dlg@foo.org 250 ok rcpt to: dev@lists.roundcube.net 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
david l goodrich wrote:
this isn't real promising:
You need to learn the difference between DNS A- and MX-records (and SMTP syntax :-).
dlg@scotty:~$ telnet lists.roundcube.net 25 Trying 195.159.29.201... Connected to lists.roundcube.net. Escape character is '^]'. 220 mail.maildialog.com ESMTP helo a 250 mail.maildialog.com mail from: dlg@foo.org 250 ok rcpt to: dev@lists.roundcube.net 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
bob@che:~$ dig -t mx lists.roundcube.net
<clip> ;; ANSWER SECTION: lists.roundcube.net. 86400 IN MX 10 maildialog.com. <clip> bob@che:~$ telnet maildialog.com 25 Trying 195.159.29.202... Connected to maildialog.com. Escape character is '^]'. 220 maildialog.com ESMTP helo a 250 maildialog.com Hello ti122110a081-10547.bb.online.no [85.166.105.51] mail from:<dlg@foo.org> 250 OK rcpt to:<dev@lists.roundcube.net> 250 Accepted quit 221 maildialog.com closing connection Connection closed by foreign host. bob@che:~$