Re: /bin/passwd as shell

To: <debian-security@lists.debian.org>
Subject: Re: /bin/passwd as shell
From: "martin f krafft" <madduck@madduck.net>
Date: Thu, 24 Jan 2002 07:23:35 +0100 (CET)
Message-id: <[🔎] 34422.193.159.108.235.1011853415.squirrel@madduck.net>
In-reply-to: <[🔎] 20020123233814.A7815@linux.wku.edu>
References: <[🔎] 20020123233814.A7815@linux.wku.edu>


also sprach Rob VanFleet
> On this list (I beleive) I saw someone mention the use of /bin/passwd
> as a shell for mail-only users so they can easily change their password
> without having to ask someone.  Is this a secure option, or am I
> missing some glaring problems?  If so, what are some other possible
> solutions?

that was me, and no, noone has mentioned any bad aspects yet, other than your
users having to type the old password twice. however, it's not the
solution i amlooking for, so i am implementing a highly secure way to do it over and
SSL/TLS-encrypted webform with emphasis on minimization of root privilege
needs.
i'll post to the list when i am done.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck



------------------------------------------------
     This email was sent using SquirrelMail
   "Webmail for nuts!" at webmail.madduck.net
            http://squirrelmail.org/
                     YEAH!

Reply to:

Follow-Ups:
- Re: /bin/passwd as shell
  - From: Rob VanFleet <rvf@linux.wku.edu>
- Re: /bin/passwd as shell
  - From: Moses Moore <mmoore@novator.com>

References:
- /bin/passwd as shell
  - From: Rob VanFleet <rvf@linux.wku.edu>

Prev by Date: /bin/passwd as shell
Next by Date: how to create MD5 passwords
Previous by thread: /bin/passwd as shell
Next by thread: Re: /bin/passwd as shell
Index(es):
- Date
- Thread