Password Change Machine
I'm currently configuring a machine to be the master password machine for a large network of machines. Is there a way to configure it to allow only root to get an actual console, and to have all other users redirected to a password change program?

Thanks,
Daniel

Re: Password Change Machine
On Mon, 16 Oct 2000, Daniel Whelan wrote:

> I'm currently configuring a machine to be the master password machine for a large network of machines. Is there a way to configure it to allow only root to get an actual console, and to have all other users redirected to a password change program?

Set root's shell to whichever you prefer, and set the regular user's shell to /usr/bin/passwd.

-jg

--
Jeremy L. Gaddis [EMAIL PROTECTED]

Re: Password Change Machine
Jeremy Gaddis wrote:

> On Mon, 16 Oct 2000, Daniel Whelan wrote:
>
> > I'm currently configuring a machine to be the master password machine for a large network of machines. Is there a way to configure it to allow only root to get an actual console, and to have all other users redirected to a password change program?
>
> Set root's shell to whichever you prefer, and set the regular user's shell to /usr/bin/passwd.

Yeah...I thought of this at first, but I need a solution that doesn't mess with the passwd file at all, as the passwd file is distributed to other machines on a regular basis, and the users actually need access to their shell there. :)

Daniel

Re: Password Change Machine
> > Set root's shell to whichever you prefer, and set the regular user's shell to /usr/bin/passwd.
>
> Yeah...I thought of this at first, but I need a solution that doesn't mess with the passwd file at all, as the passwd file is distributed to other machines on a regular basis, and the users actually need access to their shell there. :)

I assume you'll have a cronjob of some sort running on the client machines which snags the password file off the server machine? No big deal, after it copies the password file, run a script on it to change their shells back to whatever you want. Nothing sed, awk, or perl couldn't handle.

-jg

--
Jeremy L. Gaddis [EMAIL PROTECTED]

Re: Password Change Machine
On Mon, 16 Oct 2000, Jeremy Gaddis wrote:

> > > Set root's shell to whichever you prefer, and set the regular user's shell to /usr/bin/passwd.
> >
> > Yeah...I thought of this at first, but I need a solution that doesn't mess with the passwd file at all, as the passwd file is distributed to other machines on a regular basis, and the users actually need access to their shell there. :)
>
> I assume you'll have a cronjob of some sort running on the client machines which snags the password file off the server machine? No big deal, after it copies the password file, run a script on it to change their shells back to whatever you want. Nothing sed, awk, or perl couldn't handle.

You seem to be thinking his master password file is stored on a machine other than the password-server machine. Try rereading his original request for help. You'll see that corrupting the master password file isn't such an intelligent thing to do.

My suggestion follows: One possibility is to take advantage of NIS. On the server machine you have a second password file (passwd.nis or something) that is a normal password file. In the file /etc/passwd you have the lines

    root:0:0::/:/bin/bash
    +:0:0:::/bin/yppasswd

and set the machine to get passwords from this NIS map (do a man on nsswitch.conf). In this way, you can have your cronjob scp the passwd.nis file around, but transparently substitute in this alternate shell when the users come in.

I know I'm leaving out a LOT of details, but hopefully you can figure those out from this basic idea. Good luck.

Damian Menscher

--
--==## Grad. student Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--

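A check for the NIS override described in the message above, as an added example that is not part of the thread. It assumes glibc's compat syntax (passwd: compat in nsswitch.conf, seven-field passwd entries, and a + line whose non-empty fields override what NIS returns), keeps the thread's /bin/yppasswd path, and runs on constructed sample data.

```sh
#!/bin/sh
# Added example, not from the thread. Audits the password-change host's local
# passwd file and nsswitch.conf for the NIS compat override. Assumes glibc
# compat syntax; /bin/yppasswd is the path used in the thread.

# nss_is_compat [FILE]: succeeds if passwd lookups go through the compat module.
nss_is_compat() {
    grep -Eq '^[[:space:]]*passwd:[[:space:]]*compat([[:space:]]|$)' "${1:--}"
}

# audit_passwd [FILE]: prints one finding per line, nothing if the file is fine.
audit_passwd() {
    awk -F: -v want="${WANT_SHELL:-/bin/yppasswd}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blanks
        NF != 7 { printf "line %d: %d fields, expected 7\n", NR, NF; next }
        substr($1, 1, 1) == "+" {                    # compat include entry
            if ($1 == "+") seen = 1                  # catch-all for every NIS user
            if ($7 != want)                          # non-empty shell field overrides NIS
                printf "line %d: %s entry does not force shell %s\n", NR, $1, want
            next
        }
        substr($1, 1, 1) == "-" { next }             # compat exclude entry
        $3 != 0 && $7 != want && $7 !~ /(nologin|false)$/ {
            printf "line %d: local user %s keeps shell %s\n", NR, $1, $7
        }
        END { if (!seen) print "no catch-all + entry: NIS users are not mapped" }
    ' "${1:--}"
}

# Constructed sample: root keeps a real shell, every NIS user gets yppasswd.
sample_good() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' '+::::::/bin/yppasswd'
}

# Constructed sample: a local account with a real shell, and a + line that
# imports NIS users with their normal shells.
sample_bad() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' '+::::::'
}

echo "good:"; sample_good | audit_passwd
echo "bad:";  sample_bad  | audit_passwd
```

On the password-change host itself, run audit_passwd /etc/passwd and nss_is_compat /etc/nsswitch.conf; set WANT_SHELL if yppasswd lives elsewhere.
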
Re: Password Change Machine
Damian == Damian Menscher [EMAIL PROTECTED] writes:

Damian> My suggestion follows: One possibility is to take
Damian> advantage of NIS. On the server machine you have a second

Or openldap. Although, LDAP is (IMHO) currently harder to configure, especially if you are not used to LDAP. However, I am under the impression that LDAP will be more future compatible (whatever that means). For instance:

Damian> password file (passwd.nis or something) that is a normal
Damian> password file. In the file /etc/passwd you have the lines
Damian> root:0:0::/:/bin/bash
Damian> +:0:0:::/bin/yppasswd
Damian> and set the machine to get passwords from this NIS map (do
Damian> a man on nsswitch.conf). In this way, you can have your
Damian> cronjob scp the passwd.nis file around, but transparently
Damian> substitute in this alternate shell when the users come in.

I am not sure if this is possible with LDAP, or what alternative you should/would use.

Then again, with something like NIS or openldap you may not even need a password change computer, but I don't understand your requirements, so don't take my word for it.

The only other downside to NIS or openldap compared with the setup you already use, depends on if you copy passwords over an encrypted connection or not, and what software you use for NIS or openldap.

--
Brian May [EMAIL PROTECTED]