On Fri, Jan 23, 2004 at 04:13:35PM +1100, Michael Sharman wrote:
how about:
echo $user:$newpasswd | chpasswd
Better check if chpasswd actually works. The comments in the postinst for
sash indicate it doesn't use PAM, and you have to do your own MD5 crypting.
If that's correct, you can't
Thanks for all the suggestions, everyone. I wound up going with the
usermin interface (we were looking for something we could do quickly
and reliably; we also didn't have a horde install at the time.) So
far, it's working like a charm.
~Tom White
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
On Fri, Jan 23, 2004 at 04:13:35PM +1100, Michael Sharman wrote:
how about:
echo $user:$newpasswd | chpasswd
Better check if chpasswd actually works. The comments in the postinst for
sash indicate it doesn't use PAM, and you have to do your own MD5 crypting.
If that's correct, you can't
Thanks for all the suggestions, everyone. I wound up going with the
usermin interface (we were looking for something we could do quickly
and reliably; we also didn't have a horde install at the time.) So
far, it's working like a charm.
~Tom White
On Fri, Jan 23, 2004 at 04:13:35PM +1100, Michael Sharman wrote:
-Original Message-
From: Rene Cunningham [mailto:[EMAIL PROTECTED]
Sent: Friday, 23 January 2004 4:09 PM
[snip]
use something like
(sleep 1; echo $oldpasswd; sleep 1; echo $newpasswd; sleep 1;
echo $newpasswd)
On Fri, Jan 23, 2004 at 12:17:00AM -0700, Will Aoki wrote:
I've attached a slightly cleaned-up version of the password changer that
Perhaps this time I'll remember to attach the file *and* the mailing
list won't reject it...
--
William Aoki KD7YAF [EMAIL PROTECTED] /\ ASCII Ribbon Campaign
Quoting Tom White [EMAIL PROTECTED]:
Dear List,
I'm looking for a decent, secure, web based password changer for
user accounts. Something that I can install on a debian box with a
minimum amount of tweaking, and that isn't really any less secure than
a shell user changing their password
On Fri, 23 Jan 2004 at 02:24:58AM -0500, Will Aoki wrote:
Hopefully the script would not actually invoke echo - otherwise, like
anything else passed on the command line, the password will show up in
the process table for anyone or anything to see.
Yet another reason to use the GRSecurity
Daniel Lysfjord wrote:
Quoting Tom White [EMAIL PROTECTED]:
Dear List,
I'm looking for a decent, secure, web based password changer for
user accounts. Something that I can install on a debian box with a
minimum amount of tweaking, and that isn't really any less secure than
a shell user
Jose Alberto Guzman wrote:
If you run an ldap backend, I can send you an example php script.
Jose:
would you please?
cheers,
glen
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Witajcie,
Jose Alberto Guzman wrote:
If you run an ldap backend, I can send you an example php script.
Jose:
would you please?
me too :)
--
Cheers,
Marcin.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Glen Mehn wrote:
Jose Alberto Guzman wrote:
If you run an ldap backend, I can send you an example php script.
Jose:
would you please?
cheers,
glen
Here it goes, it's an in house script, so don't expect elegancy or
cleanliness.
It uses php-cracklib in order to check for good new
On Thu, Jan 22, 2004 at 10:04:48PM -0500, Tom White wrote:
Dear List,
I'm looking for a decent, secure, web based password changer for
user accounts. Something that I can install on a debian box with a
minimum amount of tweaking, and that isn't really any less secure than
a shell user
On Fri, Jan 23, 2004 at 04:13:35PM +1100, Michael Sharman wrote:
-Original Message-
From: Rene Cunningham [mailto:[EMAIL PROTECTED]
Sent: Friday, 23 January 2004 4:09 PM
[snip]
use something like
(sleep 1; echo $oldpasswd; sleep 1; echo $newpasswd; sleep 1;
echo $newpasswd)
On Fri, Jan 23, 2004 at 12:17:00AM -0700, Will Aoki wrote:
I've attached a slightly cleaned-up version of the password changer that
Perhaps this time I'll remember to attach the file *and* the mailing
list won't reject it...
--
William Aoki KD7YAF [EMAIL PROTECTED] /\ ASCII Ribbon Campaign
Quoting Tom White [EMAIL PROTECTED]:
Dear List,
I'm looking for a decent, secure, web based password changer for
user accounts. Something that I can install on a debian box with a
minimum amount of tweaking, and that isn't really any less secure than
a shell user changing their password
On Fri, 23 Jan 2004 at 02:24:58AM -0500, Will Aoki wrote:
Hopefully the script would not actually invoke echo - otherwise, like
anything else passed on the command line, the password will show up in
the process table for anyone or anything to see.
Yet another reason to use the GRSecurity
Daniel Lysfjord wrote:
Quoting Tom White [EMAIL PROTECTED]:
Dear List,
I'm looking for a decent, secure, web based password changer for
user accounts. Something that I can install on a debian box with a
minimum amount of tweaking, and that isn't really any less secure than
a shell user
Jose Alberto Guzman wrote:
If you run an ldap backend, I can send you an example php script.
Jose:
would you please?
cheers,
glen
Witajcie,
Jose Alberto Guzman wrote:
If you run an ldap backend, I can send you an example php script.
Jose:
would you please?
me too :)
--
Cheers,
Marcin.
Glen Mehn wrote:
Jose Alberto Guzman wrote:
If you run an ldap backend, I can send you an example php script.
Jose:
would you please?
cheers,
glen
Here it goes, it's an in house script, so don't expect elegancy or
cleanliness.
It uses php-cracklib in order to check for good
may be u can make a cgi and with sudo u can change tha user passwd..
but.. USE AT YOUR OWN RISK :)
bye
El vie, 23-01-2004 a las 00:04, Tom White escribió:
Dear List,
I'm looking for a decent, secure, web based password changer for
user accounts. Something that I can install on a debian
I thought of that, but a few things here-
1 - the debian passwd utility does not have the --stdin option, so I'm not
quite sure how to set it up
2 - I wouldn't want to have it do it as root - would be more
comfortable with a wrapper program of some kind that did some sanity
checks and then
On Thu, Jan 22, 2004 at 10:04:48PM -0500, Tom White wrote:
I'm looking for a decent, secure, web based password changer for
user accounts. Something that I can install on a debian box with a
minimum amount of tweaking, and that isn't really any less secure than
a shell user changing their
On Thu, Jan 22, 2004 at 10:04:48PM -0500, Tom White wrote:
I'm looking for a decent, secure, web based password changer for
user accounts.
Aside from usermin, if you're running the Horde framework (for IMP, etc)
then you can use sork (debian testing package sork-passwd for password
changing).
On Thu, Jan 22, 2004 at 10:31:45PM -0500, Tom White wrote:
1 - the debian passwd utility does not have the --stdin option, so I'm not
quite sure how to set it up
use something like
(sleep 1; echo $oldpasswd; sleep 1; echo $newpasswd; sleep 1; echo $newpasswd)
| passwd $user
2 - I
-Original Message-
From: Rene Cunningham [mailto:[EMAIL PROTECTED]
Sent: Friday, 23 January 2004 4:09 PM
To: Tom White
Cc: debian-security@lists.debian.org
Subject: Re: Web based password changer
On Thu, Jan 22, 2004 at 10:31:45PM -0500, Tom White wrote:
1 - the debian
27 matches
Mail list logo