I've been working on some Linux/Sendmail scripts to manipulate accounts
from a Windows NT RSH session, and have a few questions for anyone
willing to help.
1. We're shadowing passwords (of course), which forces us to go through
the passwd utility to setup and/or change the password on an account.
Is there a way to use the passwd utility from within a script? Or is
there an alternative, non-interactive, PAM compliant, way to setup/alter
passwords, via bash (or perl) scripting, that might be a better
solution? If I can't find another way I'm leaning towards unencrypted
passwords in the passwd file. Then it would be stupid simple to use
sed, but I'm very uncomfortable with the idea.
2. We're RSH'ing from NT successfully, with a security snafu... If we
give the RSH login account the root privelidges required to edit the
passwd file (adduser), then RSHD denies them access (known issue,
ambiguous resolution). If we use a non-root access account RSH works
beautifully but the script lacks the necessary access rights to add a
user. Sooo... Can anyone tell me how to either:
a: Alter the access priviledges a script executes under (like
SUID on an executable (ideal, but unlikely?)).
b: Configure the RSHD daemon to allow root accounts to log on.
(probably simple, but not secure (pty?))
c. Alter the passwd files security settings to allow
modification from non-root accts. (without side-effects)
d. Or perhaps there is a group/user ID that would allow both?
3. Does anyone know of a SSH client for Windows NT that is compatible
with the redhat daemon?
This is wrapped around a windows accounting system with hooks for
command lines and arguments, with a redhat back-end. This has become my
responsibility, and these are the only issues I haven't been able to
overcome yet. Any assistance would be most heartily appreciated.
Thanks,
Andy
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
