[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Setting user passwords non-interactively



On Sun, May 19, 2002 at 11:35:00PM +0200, staf wagemakers wrote:
> On Sun, May 19, 2002 at 03:18:29PM +0200, Marcin Owsiany wrote:
> > > I settled for a tip from greycat at #debian:
> > > 
> > > 	usermod -p `mkpasswd --hash=md5 $cleartxtpw` $username
> > > 
> > > That can easyly go work in perl as well naturaly....;)...
> > > 
> > > 
> > > What do u guys think?
> > 
> > Passing clear text passwords as program arguments is unsafe. Anyone who
> > can see the process list may also see the password.
> > 
> > I have once made a small PAM-based program which reads the old and new
> > password from stdin and sets the new password if the old one matches.
> > It used to be called from a perl script via perl's open().
> > 
> > The code is very application-specific so would need some tweaking, and
> > the comments are in Polish, but if anyone is still interested...
> 
> You could use chpasswd to update the password, chpasswd read the username
> and password form stdin so the password isn't available in ps.

Right. The only difference is that chpasswd doesn't check existing
password.

Marcin
-- 
Marcin Owsiany <porridge@debian.org>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216


-- 
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org



Reply to: