Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 19 Jul 1997 20:59:52 -0400 (EDT)
From:      <david@sparks.net>
To:        Justin Ashworth <ashworth@esus.cs.montana.edu>
Cc:        Troy Settle <rewt@i-Plus.net>, Doug White <dwhite@resnet.uoregon.edu>, questions@freebsd.org
Subject:   Re: Change another user's password?
Message-ID:  <Pine.BSI.3.95.970719205812.21608A-100000@sparks.net>
In-Reply-To: <Pine.OSF.3.95.970719172725.3362A-100000@esus.cs.montana.edu>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Sat, 19 Jul 1997, Justin Ashworth wrote:

> On Sat, 19 Jul 1997, Troy Settle wrote:
> 
> > From: Justin Ashworth <ashworth@cs.montana.edu>
> > >Yes, but read my original message...the users don't have shell access.
> > >That's the whole tough thing about this. I guess it's just not doable.
> > 
> > Have you thought about setting users' shells to /usr/bin/passwd?  I've seen
> > it working on many other systems, and haven't noted any particular security
> > risks.
> 
>   That's been suggested and I actually considered it before. The problem
> is that we have about three machines with different passwd files (no NIS+
> or rdist to speak of). If a user changes their password on the POP mail
> server, they will assume that it changed their password on the web server. 
> The next time they go to upload their web page, they're going to call our
> support line and ask why their password doesn't work. Not worth the
> hassle. All I really need is a way for one user to change another user's
> password - if that's possible. Remember, su'ing to root is out of the
> question because I will need to be prompted for the old password so that
> not just anybody can change another user's password. Also note that the
> users can't change their passwords themselves because they don't have
> shell access. 
> 
>   Any suggestions?

Is this a trick question?  Why not add 10 lines or so of code to the
actual passwd program to require root to know the old password?

You wouldn't want to replace the original passwd, of course.  Just have
this other program available for whatever you're doing.

--- David Miller


----------------------------------------------------------------------------
		It's *amazing* what one can accomplish when 
		    one doesn't know what one can't do!




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.95.970719205812.21608A-100000>