Ben Morrow wrote:
Maybe replace "/usr/bin/passwd" with htpasswd?
Try pam_pwdfile with poppwd or some other poppassd that supports PAM.
That's it! I was trying to remember the name of this PAM module.
and is there another way other than poppassd?
Write your own PHP script -- it couldn't be more than a few dozen lines of code for a working skeleton. Or Google "php change password htpasswd".
It's not as simple as you seem to think. Quite apart from getting the password-changing itself right (have you considered what happens when two users change their passwords at the same time? when Dovecot tries to read the password file at the same time as you are changing it? when the system crashes when you are halfway through rewriting the password file?), you really shouldn't be running PHP as a user with write access to a password file (even a virtual password file) in any case.
I did consider it, and you're right, it is tricky to get it absolutely right. If robusteness and security was of utmost importance, I would abandon PHP too. I was scaling the solution to the OP's technical ability and apparent size of their operation -- if poppwd passes muster, this wouldn't be too far off.
Joseph Tam <jtam.home@gmail.com>