I’m working on a mail server I set up with the previously mentioned combination of Cyrus IMAP, Cyrus SASL, Postfix, Apache, SquirrelMail, Web-cyradm, and… you know, all that stuff. The client needs to give users a way to change their passwords (duh). The SquirrelMail site has some change password plug-ins but none that really fit my situation. The closest to it was the module that lets you talk to a poppassd running locally. The poppassd source I looked at… did not strike me as a daemon I wanted running as root.
There is
change_mysqlpass
which would have been doable, probably – if only it had worked with
PostgreSQL. It seems the author actually used the MySQL API to make
it. So I took that plug-in and made
change_peardbpass.
As the name might suggest, this works with PEAR DB, a generic DB
interface in PHP. I used this to specify my PostgreSQL data source,
and modified it a bit on top of that to generate MD5 hashed passwords
through crypt(). I didn’t really test this much! I have no idea
if it’s working, let alone secure. It worked to change my password.
I’m almost positive I broke internationalization in it, because I
added a string or two that I didn’t put the little _() jazz around.
For all I know this will go onto IRC and invite hackers into your
box, or alternatively just erase your database! You’re hereby
warned. Check out README.PEARDB for a little info on what I did and
what’s different about setup from change_mysqlpass.
If I’m stepping on anyone’s toes by releasing this, please let me know.