martin f krafft wrote: > that was me, and no, noone has mentioned any bad aspects yet, other than your > users having to type the old password twice. however, it's not the > solution i amlooking for, so i am implementing a highly secure way to do it > over and > SSL/TLS-encrypted webform with emphasis on minimization of root privilege > needs. > i'll post to the list when i am done.
I found something that claims to do this. http://www.geocities.com/beradrian/soft/soft.html#cgipasswd It claims to use PAM, and it should only be used over https for reasons that should be obvious.
