[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ProgSoc] passwd changing stuff
On Mon, 27 Aug 2001 23:12, Justin Warren wrote:
] You can get everything except the random password string by
] using sudo. Check out the syntax of the sudoers file for
] details. You can force a user to change their password on
] their next login by using passwd, you know. Under Solaris it's
] the -f flag, under Debian it's -e.
I'd considered sudo before, but from my understanding of sudo,
it wouldn't be possible (at least not without generating very
many custom scripts) to prevent anyone with sudo access to
'passwd', from resetting say the jedd or root accounts. Even by
using the regex-ish stuff they've got, it concerns me that there'd
be a way around that .. given the power of sudo. I really need a
solid way of preventing the resetting of certain account's passwords.
] Why not use tcl/expect or perhaps perl? There's a front end
] to passwd in the original Camel book, from memory, which you
] could reuse some code from. That's if you're desperate to
] manually set passwords to generated strings.
expect was looking like the best of a bad lot, but the need
to install it on every machine as a pre-req for what I'd hoped
would be a standalone utility .. discouraged me. I'll investigate
it further now. I seem to recall hearing that passwd tried to
subvert any automated front-ends to it, ostensibly in the name
You are subscribed to the progsoc mailing list. To unsubscribe, send a
message containing "unsubscribe" to email@example.com.
If you are having trouble, ask firstname.lastname@example.org for help.