allowing users to change passwords
i need to provide a way for my users to change their password on my machines. however, most of them are too stupid for the console. so i played with poppassd, and it might end up being my option, but today i had another idea. so without having given it much though, i'll ask you: what would speak against setting the user's login shell to /usr/bin/passwd? it's SSH2-only, and with MindTerm as a java applet, i could even ask them to connect, login with their password, type their password again, then specify the new one twice. that shouldn't be a problem, right? or is it absolutely bad in terms of security? -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; net@madduck friends help you move. real friends help you move bodies. msg05349/pgp0.pgp Description: PGP signature
Re: allowing users to change passwords
Previously martin f krafft wrote: what would speak against setting the user's login shell to /usr/bin/passwd? Nothing, works just fine. It might be a bit confusing for users though since they will have to enter their original password twice as well. Wichert. -- _ [EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: allowing users to change passwords
Wichert Akkerman wrote: Previously martin f krafft wrote: what would speak against setting the user's login shell to /usr/bin/passwd? Nothing, works just fine. It might be a bit confusing for users though since they will have to enter their original password twice as well. You may wish to set the motd specifically for them and explain in it what they need to do. I would also audit the passwd program carefully for security problems like buffer overflows, etc. -- | Bryan Andersen | [EMAIL PROTECTED] | http://www.nerdvest.com | | Buzzwords are like annoying little flies that deserve to be swatted. | | Linux, the OS Microsoft doesn't want you to know about.. | | -Bryan Andersen| -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: allowing users to change passwords
Why bother having them go through the hassle of loading an applet which might not work ( not that Ive ever seen it not work ). If they are using mindterm, then they are already in a browser, which means you might as well just have them use a form via ssl to change their password via poppassd. On Thu, 17 Jan 2002, martin f krafft wrote: i need to provide a way for my users to change their password on my machines. however, most of them are too stupid for the console. so i played with poppassd, and it might end up being my option, but today i had another idea. so without having given it much though, i'll ask you: what would speak against setting the user's login shell to /usr/bin/passwd? it's SSH2-only, and with MindTerm as a java applet, i could even ask them to connect, login with their password, type their password again, then specify the new one twice. that shouldn't be a problem, right? or is it absolutely bad in terms of security? -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; net@madduck friends help you move. real friends help you move bodies. Todays root password is brought to you by /dev/random .-. | Steve Mickeler * Network Operations | +-+ | Neptune Internet Services | `-' 1024D/ACB58D4F = 0227 164B D680 9E13 9168 AE28 843F 57D7 ACB5 8D4F -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: allowing users to change passwords
also sprach Steve Mickeler [EMAIL PROTECTED] [2002.01.18.0010 +0100]: If they are using mindterm, then they are already in a browser, which means you might as well just have them use a form via ssl to change their password via poppassd. yes, but did you see my recent posts on poppassd and its security problems? i am compiling poppassd-1.8-ceti from [1] right now though. it would be the best way. i could do that in addition to passwd... 1. http://www.ceti.com.pl/~kravietz/prog.html -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; net@madduck when faced with a new problem, the wise algorithmist will first attempt to classify it as np-complete. this will avoid many tears and tantrums as algorithm after algorithm fails. -- g. niruta msg05353/pgp0.pgp Description: PGP signature
allowing users to change passwords
i need to provide a way for my users to change their password on my machines. however, most of them are too stupid for the console. so i played with poppassd, and it might end up being my option, but today i had another idea. so without having given it much though, i'll ask you: what would speak against setting the user's login shell to /usr/bin/passwd? it's SSH2-only, and with MindTerm as a java applet, i could even ask them to connect, login with their password, type their password again, then specify the new one twice. that shouldn't be a problem, right? or is it absolutely bad in terms of security? -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED] friends help you move. real friends help you move bodies. pgpkq5epLC7a5.pgp Description: PGP signature
Re: allowing users to change passwords
Why bother having them go through the hassle of loading an applet which might not work ( not that Ive ever seen it not work ). If they are using mindterm, then they are already in a browser, which means you might as well just have them use a form via ssl to change their password via poppassd. On Thu, 17 Jan 2002, martin f krafft wrote: i need to provide a way for my users to change their password on my machines. however, most of them are too stupid for the console. so i played with poppassd, and it might end up being my option, but today i had another idea. so without having given it much though, i'll ask you: what would speak against setting the user's login shell to /usr/bin/passwd? it's SSH2-only, and with MindTerm as a java applet, i could even ask them to connect, login with their password, type their password again, then specify the new one twice. that shouldn't be a problem, right? or is it absolutely bad in terms of security? -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED] friends help you move. real friends help you move bodies. Todays root password is brought to you by /dev/random .-. | Steve Mickeler * Network Operations | +-+ | Neptune Internet Services | `-' 1024D/ACB58D4F = 0227 164B D680 9E13 9168 AE28 843F 57D7 ACB5 8D4F
Re: allowing users to change passwords
also sprach Steve Mickeler [EMAIL PROTECTED] [2002.01.18.0010 +0100]: If they are using mindterm, then they are already in a browser, which means you might as well just have them use a form via ssl to change their password via poppassd. yes, but did you see my recent posts on poppassd and its security problems? i am compiling poppassd-1.8-ceti from [1] right now though. it would be the best way. i could do that in addition to passwd... 1. http://www.ceti.com.pl/~kravietz/prog.html -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED] when faced with a new problem, the wise algorithmist will first attempt to classify it as np-complete. this will avoid many tears and tantrums as algorithm after algorithm fails. -- g. niruta pgpfYawPCfLpQ.pgp Description: PGP signature