Hi John I would like to know how to set bin/false users to change their passwords as you describe below.
thank you chami -------- Original Message -------- Subject: Re: Changing RADIUS Passwords Date: Wed, 24 Oct 2001 09:27:52 -0500 From: "John Blumel" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> On Tue, 23 Oct 2001 16:39:37 -0400, [EMAIL PROTECTED] wrote: > Set their shell on the Unix system to '/bin/passwd', or whatever >other password changing tool you want. They can then log in to >change their password, and do nothing else. I've played with this and it seems to work ok. How would you evaluate this as a security risk? Theoretically, the worst case is that someone changes the password that they've stolen and I have to reset it but how much should I worry about buffer overflow or other attacks with passwd or replacements as the shell? John Blumel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html