web-based "change my password" utility
Last updated: 

This package has moved to github. The packages linked on this page are historical. For current version, see: https://github.com/chip-rosenthal/web-chpass

The web-chpass utility allows users to change their account password through the web. This package was written with security as the foremost concern, flexibility next. It runs on systems that use PAM to manage user authorizations.

The web pages produced are completely customizable. The chpass.cgi utility contains no HTML. Instead, web pages are produced from an external template.

"Bad password" checking can be optionally enabled. The distributed web page template offers the user a choice, with these checks enabled by default.

This package includes several components that may be useful for other applications. The nipasswd utility allows non-privileged programs to authenticate users and change passwords in a fairly secure and reliable fashion. The NiPasswd.pm perl module is a scripted interface to nipasswd.

web-chpass-1.4.tar.gz12.18 KB
web-chpass-1.3.tar.gz12.08 KB
web-chpass-1.2.tar.gz11.84 KB
web-chpass-1.1.tar.gz11.81 KB
web-chpass-1.0.tar.gz11.14 KB
web-chpass-0.1.tar.gz10.74 KB
Release history: 

Version 1.4 (21-Dec-2006) - Fix failure from "Unexpected PAM message (PAM_TEXT_INFO): Password changed." message generated on SuSE 10.1.

Version 1.3 (12-Nov-2006) - Resolve Fedora 5 portability issues reported by Steve Mokris. Now give useful message when password has expired (PAM_NEW_AUTHTOK_REQD).

Version 1.2 (15-Jun-2003) - This update only affects installation; current users should not bother updating. Drop pam.d/nipasswd from distribution. Instead, copy it from pam.d/passwd, which should be more portable.

Version 1.1 (24-Aug-2002) - New BADPW_CHECKS configuration setting allows the bad password checks to be enabled, disabled, or optional per user selection. New MIN_AUTH_UID and MIN_CHANGE_UID control minimum UID checks, without having to hack code.

Version 1.0 (24-Aug-2002) - Added minimum UID checks, to avoid accessing/changing system accounts.

Version 0.1 (20-Jul-2002) - Initial release for public testing.