Hello!
I'm root, I'm on a Debian Slink or on a Debian Potato, and I would like to
present my intranet users a web page to change their passwords. It would be
easy to do, if I just had to work with the good old /etc/passwd database: read
the old password, verify it, encrypt the new one and change it in passwd.
Now we have shadow passwords, MD5 hashes, NIS, LDAP, PAM... wow! It's
fantastic, but I need something that knows how to change passwords on my
system, because I don't.
I would like to call passwd from my setuid root CGI (in which all security
precautions would have been taken), feed him the new password and let him to
whatever it pleases, but it could complain about passwords being too weak.
I don't need those checks: I could call a password checker from the CGI to
complain to the user in a web page in case I needed to, but I want a way to say
"set bob's password to '42bob69'" and have it done even if bob's password is
'a', or an empty string, in whatever way the system is configured to do it.
passwd had a switch (-o, if I can recall it well) for root telling it not to
complain about weak passwords, but now it's gone. I used it to add a password
to my home user account when connecting to Internet, and removing it on
disconnect.
How can I do it cleanly on a Debian system? Is there a PAM call for it? Is it
possible at all?
It's also a problem changing passwords with Samba, since it uses a chat script
with passwd to do the job, but has problems reporting if and why the password
was or was not updated.
Thanks in advance.
Read you soon! Enrico
--
GPG public key available on finger -l [EMAIL PROTECTED]
