On Tue, 23 Oct 2001 16:39:37 -0400, [EMAIL PROTECTED] wrote:

> Set their shell on the Unix system to '/bin/passwd', or whatever
> other password changing tool you want. They can then log in to
> change their password, and do nothing else.

I've played with this and it seems to work ok. How would you evaluate
this as a security risk? Theoretically, the worst case is that someone
changes the password that they've stolen and I have to reset it but how
much should I worry about buffer overflow or other attacks with passwd
or replacements as the shell?


John Blumel


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
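
An added example, not part of the original message or of FreeRADIUS: a shell audit over a passwd(5)-format file that lists which accounts are confined to `/bin/passwd` as their login shell and which non-system accounts are not. The sample entries, the function names and the UID cutoff of 1000 are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit which accounts have a password-changing tool as
# their login shell, as described in the quoted suggestion above.

# Constructed sample in passwd(5) format: name:pw:uid:gid:gecos:home:shell
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1001:1001:Alice:/home/alice:/bin/passwd
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:1003:Carol:/home/carol:/bin/passwd
dave:x:1004:1004:Dave:/home/dave:
EOF
}

# list_by_shell SHELL
# Reads passwd-format lines on stdin; prints the names of accounts whose
# shell field (field 7) is exactly SHELL.
list_by_shell() {
    awk -F: -v want="$1" '$7 == want { print $1 }'
}

# list_unrestricted SHELL MIN_UID
# Prints "name shell" for accounts with UID >= MIN_UID whose shell is NOT
# SHELL, i.e. accounts that still get something other than the password
# tool at login. An empty shell field is reported explicitly, because
# passwd(5) treats it as /bin/sh.
list_unrestricted() {
    awk -F: -v want="$1" -v min="$2" '
        $3 >= min && $7 != want {
            s = ($7 == "") ? "(empty: defaults to /bin/sh)" : $7
            print $1, s
        }'
}

echo "Accounts limited to /bin/passwd:"
sample_passwd | list_by_shell /bin/passwd

echo "Non-system accounts with another shell:"
sample_passwd | list_unrestricted /bin/passwd 1000
```

To audit a live system, pipe `getent passwd` or `/etc/passwd` into the two functions instead of `sample_passwd`.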