On Wed, Feb 21, 2007 at 09:04:58PM -0500, Andy Random wrote:
>
> I have a number of users who have CVS/pserver access to a machine but who
> do not have shell login privileges on the machine.
>
> I'd like a way to let them set/change their own passwords (currently I'm
> having to create and distribute passwords when I create the account)
> without actually giving them the ability to login to the server.
One icky way of doing this is to set their login shell to be
/usr/bin/passwd - that way they can connect and are immediately
prompted for a new password.
In the past I admin'd a machine setup with a shell script which
could be simplified to this for each user:
#!/bin/sh
clear
while true; do
echo "Enter 'passwd' to change your password or 'quit' to exit"
read line
case "$line" in
passwd|password)
/usr/bin/passwd
;;
quit)
/usr/bin/clear
echo "Exiting"
exit
;;
*)
echo "Unrecognized response"
;;
esac
done
Alternatively you might be able to just mandate the use of public
key based authentication and sidestep the entire problem ...
Steve
--
