View Single Post
  #1  
Old 19th September 2007, 15:51
catdude catdude is offline
Senior Member
 
Join Date: Jun 2007
Posts: 178
Thanks: 1
Thanked 12 Times in 11 Posts
Default Record user passwords

I am currently attempting to modify my ISPConfig code to allow me to passwords to user e-mail accounts. I know this introduces security issues, but I happen to believe that if a user manages to compromise my system enough to be able to browse the database, the system is pretty well screwed anyhow.

If I have the user passwords stored somewhere (in the database, or in a Berkeley DB file, or SQLite, or ...) I can then rebuild /etc/passwd and /etc/shadow if they should become compromised, can test proper operation of POP and IMAP for all users, etc. In the early weeks of putting a new ISPConfig installation on-line, the ability to test these functions for every user account can be extremely important.

Since I am moving users from our Plesk server to ISPConfig, I have all their passwords anyway. I'd just like to know that my lists will remain current as users go in to change their own passwords.
Reply With Quote
Sponsored Links