Re: [ProgSoc] passwd changing stuff

[jedd <jedd@nospam.progsoc.uts.edu.au>]

On Mon, 27 Aug 2001 23:12, Justin Warren wrote:
 ] You can get everything except the random password string by
 ] using sudo. Check out the syntax of the sudoers file for
 ] details. You can force a user to change their password on
 ] their next login by using passwd, you know. Under Solaris it's 
 ] the -f flag, under Debian it's -e.

 I'd considered sudo before, but from my understanding of sudo,
 it wouldn't be possible (at least not without generating very
 many custom scripts) to prevent anyone with sudo access to
 'passwd', from resetting say the jedd or root accounts.  Even by
 using the regex-ish stuff they've got, it concerns me that there'd
 be a way around that .. given the power of sudo.  I really need a
 solid way of preventing the resetting of certain account's passwords.

 ] Why not use tcl/expect or perhaps perl? There's a front end
 ] to passwd in the original Camel book, from memory, which you
 ] could reuse some code from. That's if you're desperate to
 ] manually set passwords to generated strings.

 expect was looking like the best of a bad lot, but the need
 to install it on every machine as a pre-req for what I'd hoped
 would be a standalone utility .. discouraged me.  I'll investigate
 it further now.  I seem to recall hearing that passwd tried to
 subvert any automated front-ends to it, ostensibly in the name
 of security.

 Taa,
 Jedd.
-
You are subscribed to the progsoc mailing list. To unsubscribe, send a
message containing "unsubscribe" to progsoc-request@nospam.progsoc.uts.edu.au.
If you are having trouble, ask owner-progsoc@nospam.progsoc.uts.edu.au for help.