Re: /bin/passwd as shell
On Thu, Jan 24, 2002 at 07:23:35AM +0100, martin f krafft wrote:
>
>
> also sprach Rob VanFleet
> > On this list (I beleive) I saw someone mention the use of /bin/passwd
> > as a shell for mail-only users so they can easily change their password
> > without having to ask someone. Is this a secure option, or am I
> > missing some glaring problems? If so, what are some other possible
> > solutions?
>
> that was me, and no, noone has mentioned any bad aspects yet, other
> than your users having to type the old password twice. however, it's
> not the solution i amlooking for, so i am implementing a highly secure
> way to do it over and SSL/TLS-encrypted webform with emphasis on
> minimization of root privilege needs. i'll post to the list when i am
> done.
Thanks, that would be great. I thought about some sort of CGI for that
as well, but without spending more time on it than I have at the moment
I figured it would be far less secure than a password-protected passwd.
:) With proper taint checking it would probably be a better option.
-Rob
Reply to: