From owner-freebsd-questions@FreeBSD.ORG  Tue Jun 15 13:46:44 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 35E7316A4CE
	for <freebsd-questions@freebsd.org>;
	Tue, 15 Jun 2004 13:46:44 +0000 (GMT)
Received: from smtp.infracaninophile.co.uk
	(happy-idiot-talk.infracaninophile.co.uk [81.2.69.218])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D520143D48
	for <freebsd-questions@freebsd.org>;
	Tue, 15 Jun 2004 13:46:42 +0000 (GMT)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from happy-idiot-talk.infracaninophile.co.uk
	(localhost.infracaninophile.co.uk [IPv6:::1])i5FDkL9K091295
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-questions@freebsd.org>;
	Tue, 15 Jun 2004 14:46:21 +0100 (BST)
	(envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk)
Received: (from matthew@localhost)id i5FDkLle091294
	for freebsd-questions@freebsd.org;
	Tue, 15 Jun 2004 14:46:21 +0100 (BST)	(envelope-from matthew)
Date: Tue, 15 Jun 2004 14:46:21 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: freebsd-questions@freebsd.org
Message-ID: <20040615134621.GA91079@happy-idiot-talk.infracaninophile.co.uk>
Mail-Followup-To: Matthew Seaman <m.seaman@infracaninophile.co.uk>,
	freebsd-questions@freebsd.org
References: <40CE8CB9.9050504@synthexp.net>
	<20040615131601.GA32001@millerlite.local.mark-and-erika.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="4Ckj6UjgE2iN1+kY"
Content-Disposition: inline
In-Reply-To: <20040615131601.GA32001@millerlite.local.mark-and-erika.com>
User-Agent: Mutt/1.5.6i
X-Greylist: Message not sent from an IPv4 address, not delayed by
	milter-greylist-1.3.8 (smtp.infracaninophile.co.uk [0.0.0.0]); Tue, 15 Jun
	2004 14:46:21 +0100 (BST)
X-Virus-Scanned: clamd / ClamAV version devel-20040612, clamav-milter version
	0.72a	on smtp.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, hits=-4.8 required=5.0 tests=AWL,BAYES_00 autolearn=ham 
	version=2.63
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on 
	happy-idiot-talk.infracaninophile.co.uk
Subject: Re: Detaching program from controlling terminal
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jun 2004 13:46:44 -0000


--4Ckj6UjgE2iN1+kY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jun 15, 2004 at 09:16:02AM -0400, Mark Frank wrote:
> * On Tue, Jun 15, 2004 at 01:44:25PM +0800 Ihsan Junaidi Ibrahim wrote:
> > Hi all,
> >=20
> > I'm somehow stuck in the loop now and am hoping some of you can give me=
=20
> > pointers on how to proceed. Due to a customer requirement, I need to=20
> > build a simple web-based (via cgi or php) script to change the system=
=20
> > password. They found that sshing to the server and typing passwd to=20
> > change the password is wee too involving hence the need to use a much=
=20
> > friendlier interface. Letting the sysadmins change the user's password=
=20
> > is not a good idea, as the sysadmins are outsourced and the users value=
=20
> > their privacy.=20
>=20
> I'm sure I'm preaching to the choir here but what privacy do they think
> they are protecting since the sysadmins have root already?

The fact that sysadmins generally don't know users' passwords, and
have no practical means of finding them out if the user doesn't want
them to know what it is.  Passwords are stored as a checksum of the
plaintext+salt -- which operation can't be reversed easily (assuming
modern encryption techniques -- the original DES password system can
be brute-forced just about feasibly nowadays).

Since the sysadmin doesn't know what the users' password is on the
systems he admins, the user can safely use the same password on other
systems with different admins.

Now, the sysadmin can always modify the users' password on any system
they control, but they can't do that without letting the user know
they've done it.  And it would have to be an extremely thick user to
use a password generated by a third party on some other accounts.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--4Ckj6UjgE2iN1+kY
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAzv2tiD657aJF7eIRAos6AKCTURm8ZAfcAXVQgbROewvk8f7KgACdEg99
+FA7N+aVpMV7DxrTzXUZ6RI=
=BrA4
-----END PGP SIGNATURE-----

--4Ckj6UjgE2iN1+kY--