Date: Fri, 12 Dec 2003 10:42:37 -1000 From: Clifton Royston <cliftonr@tikitechnologies.com> To: freebsd-hackers@freebsd.org Subject: Re: Disillusioned with PAM Message-ID: <20031212104237.C3647@tikitechnologies.com> In-Reply-To: <20031212200046.0E6A016A4D8@hub.freebsd.org>; 12:00:46PM -0800 References: <20031212200046.0E6A016A4D8@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Dec 12, 2003 at 12:00:46PM -0800, freebsd-hackers-request@freebsd.org wrote: > Date: Fri, 12 Dec 2003 17:31:36 +1030 > From: "Daniel O'Connor" <doconnor@gsoft.com.au> > Subject: Re: Disillusioned with PAM > On Thursday 11 December 2003 20:35, staf wagemakers wrote: > > > /usr/bin/passwd will be a real pain to use for a Web GUI as it > > > requires a pty, which means extensive "coding around it" to fake one up > > > for it a la poppassd. I thought PAM was going to solve this for me, > > > because of the "password management" function designed in... only it > > > appears so far that no PAM method which implements local password > > > changing actually exists on FreeBSD. What a mess. > > > > CGIpaf supports FreeBSD without pam basically it runs "pwd_mkdb" to > > update the password. If you need c functions to update a password the > > source might be useful to you. http://staf.patat.org/cgipaf/ > > The 'pw' command can change passwords (among many other things) and it does > not need a pty, eg.. > echo newpassword | pw usermod foobar -h 0 Thanks for taking the time for the note. One of my co-workers suggested pw to me the previous evening, and I discovered the -h option in the man page. I had my CGI working to do password changes before the end of the evening, so I can confirm that this solution works fine! > In a CGI you would open a pipe to pw and feed it the password. It's just a hair trickier, because you presumably don't want your CGI to run as root, nor to have pw be suid - but a tiny suid wrapper in Perl with thorough parameter and taint checking took care of that. Just recording the solution for the archives. -- Clifton -- Clifton Royston -- cliftonr@tikitechnologies.com Tiki Technologies Lead Programmer/Software Architect Did you ever fly a kite in bed? Did you ever walk with ten cats on your head? Did you ever milk this kind of cow? Well we can do it. We know how. If you never did, you should. These things are fun, and fun is good. -- Dr. Seuss
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031212104237.C3647>