Re: remote passwd change

["Brian Shaw" <bshaw () vsvinc com>]

Unfortunately, sending the paswords in clear text will compromise the machines 
security.  A better way to do it would be to setup a secure web page on that 
server with a CGI script behind it to make the changes.  This also would have 
the advantage that your windows users would need to add anything to their 
computers.  You could just send them all an email containing the link for them 
to click on.

Brian

Bite the Power!
             -- Bucky Kat, 2003

---------- Original Message -----------
From: "Ruiz Cifuentes, Rolando Matias (CL - Santiago)" <rruiz () deloitte cl>
To: security-basics () securityfocus com
Sent: Thu, 2 Oct 2003 16:21:40 -0400 
Subject: remote passwd change

> Here is the scenario:
> RedHat 7.2 using shadows passwords -> used for popmail use
> popmail users are RedHat users, so their password are in /etc/shadow
> users dont know nothing about linux (they are windows basic users)
>
> Here is my problem:
> I need to make them (~200 users) able to change their linux (mail) pasword
> remotely, in the easiest every ever thought way. how can i do this? 
> (i' dont care if passwds are send in plaint text over the net) I' 
> was thiking in something like:
>
> telnet myserver anyport (using a .bat file in their computers)
>
> and then the server replies something like:
>
> Enter your Username: <user>
> Enter your OldPass: <pass1>
> Enter your NewPass: <pass2>
> Enter your NewPass again: <pass2>
> Your password has been change. Have a nice day!
>
> do anyone knows anyway to do this? (in this or any other way)
>
> thaks for your help
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------
------- End of Original Message -------


---------------------------------------------------------------------------
----------------------------------------------------------------------------