Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 19 Jul 1997 17:33:18 -0600 (MDT)
From:      Justin Ashworth <ashworth@esus.cs.montana.edu>
To:        Troy Settle <rewt@i-Plus.net>
Cc:        Doug White <dwhite@resnet.uoregon.edu>, questions@FreeBSD.ORG
Subject:   Re: Change another user's password?
Message-ID:  <Pine.OSF.3.95.970719172725.3362A-100000@esus.cs.montana.edu>
In-Reply-To: <199707192320.TAA22627@radford.i-plus.net>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Sat, 19 Jul 1997, Troy Settle wrote:

> From: Justin Ashworth <ashworth@cs.montana.edu>
> >Yes, but read my original message...the users don't have shell access.
> >That's the whole tough thing about this. I guess it's just not doable.
> 
> Have you thought about setting users' shells to /usr/bin/passwd?  I've seen
> it working on many other systems, and haven't noted any particular security
> risks.

  That's been suggested and I actually considered it before. The problem
is that we have about three machines with different passwd files (no NIS+
or rdist to speak of). If a user changes their password on the POP mail
server, they will assume that it changed their password on the web server. 
The next time they go to upload their web page, they're going to call our
support line and ask why their password doesn't work. Not worth the
hassle. All I really need is a way for one user to change another user's
password - if that's possible. Remember, su'ing to root is out of the
question because I will need to be prompted for the old password so that
not just anybody can change another user's password. Also note that the
users can't change their passwords themselves because they don't have
shell access. 

  Any suggestions?

- Justin Ashworth
-- ashworth@cs.montana.edu
- http://www.cs.montana.edu/~ashworth




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?Pine.OSF.3.95.970719172725.3362A-100000>