[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /bin/passwd as shell

On Thu, Jan 24, 2002 at 07:23:35AM +0100, martin f krafft wrote:
> also sprach Rob VanFleet
> > On this list (I beleive) I saw someone mention the use of /bin/passwd
> > as a shell for mail-only users so they can easily change their password
> > without having to ask someone.  Is this a secure option, or am I
> > missing some glaring problems?  If so, what are some other possible
> > solutions?
> that was me, and no, noone has mentioned any bad aspects yet, other
> than your users having to type the old password twice. however, it's
> not the solution i amlooking for, so i am implementing a highly secure
> way to do it over and SSL/TLS-encrypted webform with emphasis on
> minimization of root privilege needs.  i'll post to the list when i am
> done.

Thanks, that would be great.  I thought about some sort of CGI for that
as well, but without spending more time on it than I have at the moment
I figured it would be far less secure than a password-protected passwd.
:)  With proper taint checking it would probably be a better option.


Reply to: