Re: /bin/passwd as shell

also sprach Ralf Dreibrodt [EMAIL PROTECTED] [2002.01.24.1905 +0100]: and then no user, who has a valid shell has to enter the old password from user x, when he wants to change the password of user x. perhaps even if x=root ;-) /bin/passwd does not allow the specification of a username,

Re: /bin/passwd as shell

On Thu, Jan 24, 2002 at 07:23:35AM +0100, martin f krafft wrote: also sprach Rob VanFleet On this list (I beleive) I saw someone mention the use of /bin/passwd as a shell for mail-only users so they can easily change their password without having to ask someone. Is this a secure

Re: /bin/passwd as shell

On Thu, Jan 24, 2002 at 11:17:59AM -0600, Rob VanFleet wrote: On Thu, Jan 24, 2002 at 07:23:35AM +0100, martin f krafft wrote: also sprach Rob VanFleet On this list (I beleive) I saw someone mention the use of /bin/passwd as a shell for mail-only users so they can easily change

Re: /bin/passwd as shell

Hi, David N Moore wrote: i'm a new poster here, but one thing that strikes me is that the source to passwd should be hanging around somewhere. It wouldn't be incredibly difficult to make a custom version which does not ask for the original password, right? Then you could set it to be the

Re: [d-security] Re: /bin/passwd as shell

On Thu, Jan 24, 2002 at 07:05:54PM +0100, Ralf Dreibrodt wrote: and then no user, who has a valid shell has to enter the old password from user x, when he wants to change the password of user x. perhaps even if x=root ;-) You have to enter it once for the ssh daemon anyways. He just wanted to

Re: /bin/passwd as shell

martin f krafft wrote: that was me, and no, noone has mentioned any bad aspects yet, other than your users having to type the old password twice. however, it's not the solution i amlooking for, so i am implementing a highly secure way to do it over and SSL/TLS-encrypted webform with emphasis

Re: /bin/passwd as shell

On Thu, Jan 24, 2002 at 07:23:35AM +0100, martin f krafft wrote: also sprach Rob VanFleet On this list (I beleive) I saw someone mention the use of /bin/passwd as a shell for mail-only users so they can easily change their password without having to ask someone. Is this a secure option

Re: /bin/passwd as shell

On Thu, Jan 24, 2002 at 11:17:59AM -0600, Rob VanFleet wrote: On Thu, Jan 24, 2002 at 07:23:35AM +0100, martin f krafft wrote: also sprach Rob VanFleet On this list (I beleive) I saw someone mention the use of /bin/passwd as a shell for mail-only users so they can easily change

Re: /bin/passwd as shell

Hi, David N Moore wrote: i'm a new poster here, but one thing that strikes me is that the source to passwd should be hanging around somewhere. It wouldn't be incredibly difficult to make a custom version which does not ask for the original password, right? Then you could set it to be the

Re: [d-security] Re: /bin/passwd as shell

On Thu, Jan 24, 2002 at 07:05:54PM +0100, Ralf Dreibrodt wrote: and then no user, who has a valid shell has to enter the old password from user x, when he wants to change the password of user x. perhaps even if x=root ;-) You have to enter it once for the ssh daemon anyways. He just wanted to

Re: /bin/passwd as shell

martin f krafft wrote: that was me, and no, noone has mentioned any bad aspects yet, other than your users having to type the old password twice. however, it's not the solution i amlooking for, so i am implementing a highly secure way to do it over and SSL/TLS-encrypted webform with emphasis

/bin/passwd as shell

On this list (I beleive) I saw someone mention the use of /bin/passwd as a shell for mail-only users so they can easily change their password without having to ask someone. Is this a secure option, or am I missing some glaring problems? If so, what are some other possible solutions? Thanks