Security Basics mailing list archives

RE: remote passwd change

From: "Michael LaSalvia" <mike () genxweb net>
Date: Fri, 3 Oct 2003 07:09:59 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I suggest (thought not really secure) Create a cgi script that calls
the passwd system command. Once you do that you can edit it to take
other flags and build on it from there. I would also suggest using
some type of web authentication and ssl on the web page before they
got to the script. You will also need to a run the script as root or
be sudo the passwd command or chmod it 4777 so any user can use it. 


Remember that is the easiest way not the most secure way.


- -----Original Message-----
From: Ruiz Cifuentes, Rolando Matias (CL - Santiago)
[mailto:rruiz () deloitte cl] 
Sent: Thursday, October 02, 2003 4:22 PM
To: security-basics () securityfocus com
Subject: remote passwd change

Here is the scenario:
RedHat 7.2 using shadows passwords -> used for popmail use
popmail users are RedHat users, so their password are in /etc/shadow
users dont know nothing about linux (they are windows basic users)

Here is my problem:
I need to make them (~200 users) able to change their linux (mail)
pasword
remotely, in the easiest every ever thought way. how can i do this?
(i' dont
care if passwds are send in plaint text over the net) I' was thiking
in
something like:

telnet myserver anyport (using a .bat file in their computers)

and then the server replies something like:

Enter your Username: <user>
Enter your OldPass: <pass1>
Enter your NewPass: <pass2>
Enter your NewPass again: <pass2>
Your password has been change. Have a nice day!

do anyone knows anyway to do this? (in this or any other way)

thaks for your help

- ----------------------------------------------------------------------
- -----
- ----------------------------------------------------------------------
- ------



-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBP31ZB3AnVb+gRdsVEQIhJQCgrtd/hvHP14rjvxcK1I4Sh5YhUa0AoPl7
9SicWyhEJMlaZBJXs/Jyv3q3
=zo0/
-----END PGP SIGNATURE-----



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

remote passwd change Ruiz Cifuentes, Rolando Matias (CL - Santiago) (Oct 02)
- RE: remote passwd change Michael LaSalvia (Oct 03)
- Re: remote passwd change ktos :) (Oct 03)
- Re: remote passwd change Burak Bilen (Oct 03)
- Re: remote passwd change Brian Shaw (Oct 03)
- Re: remote passwd change Darrin (Oct 03)
- Re: remote passwd change Erick Turnquist (Oct 03)
- Re: remote passwd change cc (Oct 03)
- Re: remote passwd change Oleksandr Darchuk (Oct 03)
- Re: remote passwd change Gabriel Orozco (Oct 03)
- Re: remote passwd change george njoku (Oct 03)
- Re: remote passwd change buzzdee (Oct 06)

(Thread continues...)