Security Basics mailing list archives
RE: remote passwd change
From: "Michael LaSalvia" <mike () genxweb net>
Date: Fri, 3 Oct 2003 07:09:59 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I suggest (thought not really secure) Create a cgi script that calls the passwd system command. Once you do that you can edit it to take other flags and build on it from there. I would also suggest using some type of web authentication and ssl on the web page before they got to the script. You will also need to a run the script as root or be sudo the passwd command or chmod it 4777 so any user can use it. Remember that is the easiest way not the most secure way. - -----Original Message----- From: Ruiz Cifuentes, Rolando Matias (CL - Santiago) [mailto:rruiz () deloitte cl] Sent: Thursday, October 02, 2003 4:22 PM To: security-basics () securityfocus com Subject: remote passwd change Here is the scenario: RedHat 7.2 using shadows passwords -> used for popmail use popmail users are RedHat users, so their password are in /etc/shadow users dont know nothing about linux (they are windows basic users) Here is my problem: I need to make them (~200 users) able to change their linux (mail) pasword remotely, in the easiest every ever thought way. how can i do this? (i' dont care if passwds are send in plaint text over the net) I' was thiking in something like: telnet myserver anyport (using a .bat file in their computers) and then the server replies something like: Enter your Username: <user> Enter your OldPass: <pass1> Enter your NewPass: <pass2> Enter your NewPass again: <pass2> Your password has been change. Have a nice day! do anyone knows anyway to do this? (in this or any other way) thaks for your help - ---------------------------------------------------------------------- - ----- - ---------------------------------------------------------------------- - ------ -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBP31ZB3AnVb+gRdsVEQIhJQCgrtd/hvHP14rjvxcK1I4Sh5YhUa0AoPl7 9SicWyhEJMlaZBJXs/Jyv3q3 =zo0/ -----END PGP SIGNATURE----- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- remote passwd change Ruiz Cifuentes, Rolando Matias (CL - Santiago) (Oct 02)
- RE: remote passwd change Michael LaSalvia (Oct 03)
- Re: remote passwd change ktos :) (Oct 03)
- Re: remote passwd change Burak Bilen (Oct 03)
- Re: remote passwd change Brian Shaw (Oct 03)
- Re: remote passwd change Darrin (Oct 03)
- Re: remote passwd change Erick Turnquist (Oct 03)
- Re: remote passwd change cc (Oct 03)
- Re: remote passwd change Oleksandr Darchuk (Oct 03)
- Re: remote passwd change Gabriel Orozco (Oct 03)
- Re: remote passwd change george njoku (Oct 03)
- Re: remote passwd change buzzdee (Oct 06)
(Thread continues...)