Security Basics mailing list archives

RE: remote passwd change

From: "Ruiz Cifuentes, Rolando Matias (CL - Santiago)" <rruiz () deloitte cl>
Date: Fri, 3 Oct 2003 14:19:56 -0400

THANKS for all your answer, web-chpass made it for my needs.

http://www.unicom.com/sw/web-chpass/

it's a simple, safe, configurable cgi, that you "make, make install" and
it's working.
in the web page it says that it's only test in RedHat 7.2 but i've tested in
my debian machine with no problem at all (just different apache
configuation...)

Thanks again, ;)

Rolando Ruiz


-----Original Message-----
From: cc [mailto:cc () belfordhk com]
Sent: jueves, 02 de octubre de 2003 23:22
To: security-basics () securityfocus com
Subject: Re: remote passwd change


Ruiz Cifuentes, Rolando Matias (CL - Santiago) wrote:


telnet myserver anyport (using a .bat file in their computers)

and then the server replies something like:

Enter your Username: <user>
Enter your OldPass: <pass1>
Enter your NewPass: <pass2>
Enter your NewPass again: <pass2>
Your password has been change. Have a nice day!


I've been trying to do this for eons and still haven't
figured it out.  As with non-linux users, they won't/
don't understand why they need to telnet to a server.

I thought about using a secured web form installed on
the company's server and accessible only to LAN users;
but couldn't figure out how to get the perl script/
php script to actually change the passwords since
the UID/GID of the Apache server isn't root-based
(which is the correct way of doing things).

I did find something like chpass on the net, but
couldn't figure out how to get it running.

The only way, right now that i can think of, is
to teach the users the benefit of your solution. (Making
sure, of course that the telnet port is only
accessible to LAN IPs.)

If someone out there has any good ideas, I'm also
willing to try.





---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Re: remote passwd change, (continued)
- Re: remote passwd change Burak Bilen (Oct 03)
- Re: remote passwd change Brian Shaw (Oct 03)
- Re: remote passwd change Darrin (Oct 03)
- Re: remote passwd change Erick Turnquist (Oct 03)
- Re: remote passwd change cc (Oct 03)
- Re: remote passwd change Oleksandr Darchuk (Oct 03)
- Re: remote passwd change Gabriel Orozco (Oct 03)
- Re: remote passwd change george njoku (Oct 03)
- Re: remote passwd change buzzdee (Oct 06)
- Re: remote passwd change Tiago Quadra (Oct 06)
- RE: remote passwd change Ruiz Cifuentes, Rolando Matias (CL - Santiago) (Oct 03)