email account creation

[kalua]

I'm missing an option that an email user can change his password. Or did I overlooked something?

Currently I (ISPConfig client) have to create some email accounts, but the problem that I have to set the password. I should not gain knowledge about the password.

What would be an easy way to give an email owner the ability to change (or set or recover) his password?
Would this be possible with an imap client?

I would love to give an alternative email address and ISPConfig sends an generated password to this address.

[till]

There is no mailuser interface implemented yet. But it might be that there are plugins e.g. for squirrelmail that can change passwords in a mysql database as well.

[kalua]

I still found no satisfying solution to administer email accounts. It is possible with an very extended version of roundcube see [1] and [2] to let user change their passwords. But these version of Roundcube is not ready for production use, e.g. the generated emails have an bad header, so it got stuck in my spam filter.

Now I am at the crossroad with two paths:

1) Get ISPConfig to handle change requests for user email accounts
2) Get Roundcube (not MyRoundcube as in [1]) to handle these, e.g. write an plugin

(There are also plugins for squirrelmail but they depend on poppassd or require to modify DB-tables)

I would like to go path 1 because it seems to be the more appropriate way and is not depended by any third party software. But I think its also more difficult. So far the following points come to my mind:

a) a user can place somewhere an alternative email address
This included the possibility for an email user to login to ISPConfig. But maybe in the first step its enough that the "mailmaster" sets this address.

b) this address needs to be confirmed by the user, e.g. by following an link (with an id) send to him

c) if the user want to request a new password, an email with a new password is send to his alternate address. Alternative the email contains an link which as to be confirmed again, which prevents the user account from unauthorized password changes

My questions are:

Is this even wanted to be included in ISPConfig? Or are there other ideas to handle this topic?
Is there some code I could build on?
Is there somebody who can point me in the right direction to start?




[1] http://liebl.ath.cx/dl/RoundCube/
[2] http://www.roundcubeforum.net/myroun...ase-notes.html

[archerjd]

Kalua, could this be close to what you are looking for?

http://www.roundcubeforum.net/plug-i...ual-users.html

Basically, you would set the password and then give them directions on how to change it.

[kalua]

Thank you archerjd! Indeed I was browsing this forum the other day and was able to solve my problem. Its now possible to let the user change their password.

I'll post my modifications here later.

[archerjd]

Awsome, always happy to help and thanks for the update.
I'd like to see how it turns out because I'll probably be doing the same to my installation.

[kalua]

I'm using roundcubemail-0.2-beta, not sure if there are incompatibilities with later versions of RC as I did not try this.

I was inspired by this posting and made some changes.

In the file password.inc you have to set your connection settings. I created an new user which is only allowed to SELECT and UPDATE the table mail_user and has only access to the field email and password:

Create a new user and grant him the follow rights:

Code:

GRANT SELECT (
`email` , `password`
),
UPDATE (
`password`
) ON `dbispconfig`.`mail_user` TO 'DBUSERNAME'@ 'localhost';

In file password.inc I modified the function rcmail_save_password
This checks if the current password matches the one saved in the DB. I saw in ISPConfig that there is a salt calculated for the crypt function. I wasn't sure about the impact if the salt would calculated an other way, so I simply use the same routine.

Find my patch attached.