Topic: Password change from shell prompt??

[Jason Judge]

This must have been asked before, but I can't dig out any solutions from the forums, so:-

How can a user change their SME password from a shell prompt? A Unix 'passwd' will change the password for shell login, ftp and web-mail, but not Samba.

Would I be right to assume this can only be done with root's involvement at some stage, so the user must go through the user-password or user-manager admin panes?

-- Jason

[Urirama]

Users can change their own password at http://your_server:980/e-smith-password/
Why do you want them to do it from a shell prompt?

[Jason Judge]

Because the users would be accessing the facility -mostly - over the Internet and ssh access is very easy to implement.

The alternative methods using PPTP/SSL tunnelling etc. to get onto my local network via local port redirection etc. is a complex kludge. I just want to keep it simple for now.

I'm setting up the infrastructure for a small development project, and I've been messing around trying to get CVS, SSH etc working for weeks. Now that's in place I really need to start getting on with the project work, so I want to avoid jumping through more complicated hurdles just so developers can set their own password.

Unless, of course, it's easier than I think?

I could change it on their behalf. Since root access lets me access all their files anyway, there's no reason why I shouldn't know their password (I could promise to eat it, once set?).

-- Jason

[Urirama]

Once ssh'd into the server "lynx your_server:980/e-smith-password/" still works...  It's not a very neat solution, but it's a start.

[Jason Judge]

No, I disagree!

That _is_ neat. Thanks very much, it works a treat from the shell command line:

   lynx localhost/e-smith-password

Likewise this works too:

   lynx localhost/user-manager

With the user-manager I can give the users any arbitrary management tool I want. Since the user is running this from a shell on the server, there is no need for the port 980 nor the full domain name. Also, as the user is accessing this shell prompt via ssh, the display and keystrokes are encrypted so passwords aren't transmitted as plain text.

This is very neat as all the user functions are accessible from anywhere on the Internet using just one tool: ssh (I use the excellent putty).

Ta,

-- Jason

[Terry Brummell]

There is a cgi script floating around that allows users to change passwords from the external interface.  I use it on my site and it works fine.

Terry

[Nathan Fowler]

You could always update /etc/passwd to use /usr/bin/passwd as opposed to /bin/sshell.  By doing so when a user logs on the are able to change their password.  Just a thought.

[Jason Judge]

Nathan,

I'm not quite sure what you mean, could you explain it any further? The user is able to issue a 'passwd' command without a problem and it does set a new password that is accepted by IMP and SSH.

It is just the Samba shares that don't seem to get their passwords changed: I can only connect to the Samba shares using the old password. Having said that, I don't entirely trust Win2000 SMB and cannot really say what username/password Win2000 is _really_ connecting as. Windows has its own way of doing things, and passwords are hidden behind the scenes once they have been entered and often refuse to be changed.

-- Jason

[Nathan Fowler]

Ah, didn't know that was the hang-up.  Are you using the actual /usr/bin/passwd command and that isn't updating SAMBA?

Looking at my Samba.conf there is a directive telling that the SMB password file is /etc/smbpasswd and not /etc/passwd.  That being said, you may need to trigger an additional command other than /usr/bin/passwd, that command being /usr/bin/smbpasswd.

So, you could do the following to enable "Changing password" on SSH by:
Renaming /bin/sshell to /bin/sshell.old
Creating a new file called /bin/sshell with 755 access.

#!/bin/sh
#Password change script
/usr/bin/passwd
/usr/bin/smbpasswd

That would cover both SMB and the other services as well as providing the level of service you want.  A user would be unable to do anything past changing an SMB and System password.

[Scott Smith]

Or just use the Mitel utilities to do this for you. Assuming you can write the script necessary to collect the username and password, then this is what you'd do in bash:

perl -e "
use esmith::util;
esmith::util::setUserPassword( '$username', '$password' );"

Or, if you prefer to require the previous password in order to change it:

perl -e "
use esmith::util;
esmith::util::setUserPasswordRequirePrevious( '$username', '$oldPassword', '$newPassword' );"

All $vars are shell vars.

[Nathan Fowler]

Scott has a good idea, if necessary I can code the Perl or Bash front-end.  Probably would be better to just code it in perl.

[Jason Judge]

That's great! Thanks, Nathan,

I never even realised there was an 'smbpasswd' command, so I'll give it a go tonight. I think on the older versions of Samba that I have access to on client's Solaris machines, the Samba password is linked to the Unix password.

If this works, it should give me exactly the facility I need.

Ta,

-- Jason

[Nathan Fowler]

Anytime..I think there is a way to link it to use /etc/passwd, but I'm not very familar with SAMBA.  Perhaps it would be as simple as changing the password file line, but I make no promises.  Probably would be best to just use the smbpassword command.

Nathan