Re: Setting user passwords non-interactively
On Sat, May 18, 2002 at 01:13:25PM -0600, Alejandro Borges wrote:
> U guys are the best....thx for all the responses...
>
> I settled for a tip from greycat at #debian:
>
> usermod -p `mkpasswd --hash=md5 $cleartxtpw` $username
>
> That can easyly go work in perl as well naturaly....;)...
>
>
> What do u guys think?
Passing clear text passwords as program arguments is unsafe. Anyone who
can see the process list may also see the password.
I have once made a small PAM-based program which reads the old and new
password from stdin and sets the new password if the old one matches.
It used to be called from a perl script via perl's open().
The code is very application-specific so would need some tweaking, and
the comments are in Polish, but if anyone is still interested...
Marcin
--
Marcin Owsiany <porridge@debian.org> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: