From owner-freebsd-questions  Mon Jul 21 01:26:19 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id BAA00151
          for questions-outgoing; Mon, 21 Jul 1997 01:26:19 -0700 (PDT)
Received: from radford.i-plus.net (root@Radford.i-Plus.net [206.99.237.6])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id BAA00146
          for <questions@FreeBSD.ORG>; Mon, 21 Jul 1997 01:26:17 -0700 (PDT)
Received: from totally.fuckin.nutty.net (insane@totally.friggin.nutty.net [206.99.237.44])
	by radford.i-plus.net (8.8.6/8.8.5) with SMTP id EAA10969;
	Mon, 21 Jul 1997 04:24:51 -0400 (EDT)
Message-Id: <199707210824.EAA10969@radford.i-plus.net>
X-Mailer: Microsoft Outlook Express 4.71.0544.0
From: "Troy Settle" <rewt@i-Plus.net>
To: "Justin Ashworth" <ashworth@esus.cs.montana.edu>
Cc: <questions@FreeBSD.ORG>
Subject: Re: Change another user's password?
Date: Mon, 21 Jul 1997 04:28:46 -0400
X-Priority: 3
X-MSMail-Priority: Normal
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-MimeOle: Produced By Microsoft MimeOLE Engine V4.71.0544.0
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

From: Justin Ashworth <ashworth@esus.cs.montana.edu>
>On Sat, 19 Jul 1997, Troy Settle wrote:
>
>> From: Justin Ashworth <ashworth@cs.montana.edu>
>> >Yes, but read my original message...the users don't have shell access.
>> >That's the whole tough thing about this. I guess it's just not doable.
>>
>> Have you thought about setting users' shells to /usr/bin/passwd?  I've
seen
>> it working on many other systems, and haven't noted any particular
security
>> risks.
>
>  That's been suggested and I actually considered it before. The problem
>is that we have about three machines with different passwd files (no NIS+
>or rdist to speak of). If a user changes their password on the POP mail
>server, they will assume that it changed their password on the web
server.
>The next time they go to upload their web page, they're going to call our
>support line and ask why their password doesn't work. Not worth the
>hassle. All I really need is a way for one user to change another user's
>password - if that's possible. Remember, su'ing to root is out of the
>question because I will need to be prompted for the old password so that
>not just anybody can change another user's password. Also note that the
>users can't change their passwords themselves because they don't have
>shell access.

Whoah... perhaps I'm being dense this morning.  Let's pick this apart a
bit.

user logs into a guest account on server A.  They run this modified passwd
program to change another user's password (their own password actually). 
How do servers B and C get updated?  Here, you run into the same problem as
using /usr/bin/passwd as a login shell.  Either way, only 1 out of the 3
servers has the new password.

*shrug*  either Justin or myself is lost... I think I'm going to go back to
bed.

Troy Settle <st@i-Plus.net>
Network Administrator, iPlus Internet Services
http://www.i-Plus.net