[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: allowing users to change passwords

Why bother having them go through the hassle of loading an applet which
might not work ( not that Ive ever seen it not work ).

If they are using mindterm, then they are already in a browser, which
means you might as well just have them use a form via ssl to change their
password via poppassd.

On Thu, 17 Jan 2002, martin f krafft wrote:

> i need to provide a way for my users to change their password on my
> machines. however, most of them are too stupid for the console. so i
> played with poppassd, and it might end up being my option, but today i
> had another idea. so without having given it much though, i'll ask you:
> what would speak against setting the user's login shell to
> /usr/bin/passwd? it's SSH2-only, and with MindTerm as a java applet, i
> could even ask them to connect, login with their password, type their
> password again, then specify the new one twice. that shouldn't be a
> problem, right? or is it absolutely bad in terms of security?
> -- 
> martin;              (greetings from the heart of the sun.)
>   \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
> friends help you move. real friends help you move bodies.

Todays root password is brought to you by /dev/random

| Steve Mickeler * Network Operations |
|     Neptune Internet Services       |

1024D/ACB58D4F = 0227 164B D680 9E13 9168  AE28 843F 57D7 ACB5 8D4F

Reply to: