i need to provide a way for my users to change their password on my machines. however, most of them are too stupid for the console. so i played with poppassd, and it might end up being my option, but today i had another idea. so without having given it much though, i'll ask you: what would speak against setting the user's login shell to /usr/bin/passwd? it's SSH2-only, and with MindTerm as a java applet, i could even ask them to connect, login with their password, type their password again, then specify the new one twice. that shouldn't be a problem, right? or is it absolutely bad in terms of security? -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck friends help you move. real friends help you move bodies.
Attachment:
pgpp9b9uCWpsJ.pgp
Description: PGP signature