From owner-freebsd-questions  Sat Jul 19 16:33:23 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id QAA17147
          for questions-outgoing; Sat, 19 Jul 1997 16:33:23 -0700 (PDT)
Received: from terra.oscs.montana.edu (terra.oscs.montana.edu [153.90.2.1])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id QAA17142
          for <questions@FreeBSD.ORG>; Sat, 19 Jul 1997 16:33:21 -0700 (PDT)
Received: from esus.cs.montana.edu by terra.oscs.montana.edu (5.65/Ultrix3.0-C)
	id AA08498; Sat, 19 Jul 1997 17:33:19 -0600
Received: from localhost by esus.cs.montana.edu (5.65v3.2/1.1.10.5/06Mar97-1051AM)
	id AA31924; Sat, 19 Jul 1997 17:33:19 -0600
Date: Sat, 19 Jul 1997 17:33:18 -0600 (MDT)
From: Justin Ashworth <ashworth@esus.cs.montana.edu>
To: Troy Settle <rewt@i-Plus.net>
Cc: Doug White <dwhite@resnet.uoregon.edu>, questions@FreeBSD.ORG
Subject: Re: Change another user's password?
In-Reply-To: <199707192320.TAA22627@radford.i-plus.net>
Message-Id: <Pine.OSF.3.95.970719172725.3362A-100000@esus.cs.montana.edu>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sat, 19 Jul 1997, Troy Settle wrote:

> From: Justin Ashworth <ashworth@cs.montana.edu>
> >Yes, but read my original message...the users don't have shell access.
> >That's the whole tough thing about this. I guess it's just not doable.
> 
> Have you thought about setting users' shells to /usr/bin/passwd?  I've seen
> it working on many other systems, and haven't noted any particular security
> risks.

  That's been suggested and I actually considered it before. The problem
is that we have about three machines with different passwd files (no NIS+
or rdist to speak of). If a user changes their password on the POP mail
server, they will assume that it changed their password on the web server. 
The next time they go to upload their web page, they're going to call our
support line and ask why their password doesn't work. Not worth the
hassle. All I really need is a way for one user to change another user's
password - if that's possible. Remember, su'ing to root is out of the
question because I will need to be prompted for the old password so that
not just anybody can change another user's password. Also note that the
users can't change their passwords themselves because they don't have
shell access. 

  Any suggestions?

- Justin Ashworth
-- ashworth@cs.montana.edu
- http://www.cs.montana.edu/~ashworth