Hi,

On Mon, Aug 23, 2010 at 06:24:45PM +0200, Finn-Arne Johansen wrote:
> On 12. mai 2010 19:26, Andreas B. Mundt wrote:
> > I am currently thinking about how to handle the post-creation,
> > post-password-change and related stuff properly.
> >
> > So far, I use the draft-script attached below which is run by the gosa
> > postcreation hook (www-data added to sudoers file) to handle all needs:
> >
> > 1.: A (posix) user is created in gosa: The script called as
> >       /usr/bin/sudo /usr/sbin/gosa-pp %uid
> >     creates homedir and corresponding principal with random
> >     password. This works fine.
>
> what if the gosa web server is not the homedirectory server, and maybe
> even not the ldap-server ?
>
> > 2.: Now, the password for the new user is entered in gosa. I figured
> >     out that the passwordHook="/usr/bin/sudo /usr/sbin/gosa-pp" is
> >     called with just the password as argument. Unfortunately there is
> >     no uid attached, so I do not know how to set the attached password
> >     for the user just(?) created. (Currently, the script tries to
> >     create a homedir for a user with uid=password, so this has to be
> >     fixed too.)
>
> What about other users that create php-scripts that also call the gosa
> sudo-tools for debian, changing passwords for the teachers and admins on
> their own ?
>
> > 3.: Assume, the user changes his password in gosa now. In this case
> >     gosa-pp is called as:
> >       gosa-pp uid oldpw newpw
> >     As you see below, with root's almighty power the new password is
> >     enforced, but there is no check if the old password is known by
> >     the executing party.
>
> Same comment as above.

There have been many changes and improvements since I wrote the mail
cited above. Please provide comments/patches related to the current
scripts in use:

<URL:http://svn.debian.org/wsvn/debian-edu/trunk/src/debian-edu-config/share/debian-edu-config/tools/gosa-create>
<URL:http://svn.debian.org/wsvn/debian-edu/trunk/src/debian-edu-config/share/debian-edu-config/tools/gosa-remove>
<URL:http://svn.debian.org/wsvn/debian-edu/trunk/src/debian-edu-config/share/debian-edu-config/tools/gosa-sync>

Thanks,

     Andi

