May 08, 2003
resetpass update
Tags: SHANTI

resetpass is being updated to support the seminary servers and add support for LDAP password changes.

The new version adds several things:

  1. Remote password changing program: the remote program is a simple command line password changer that is run on a remote host through an SSH tunnel. This requires null-passphrase SSH keys to be set up between SHANTI and the remote server (in this case Bathsheba). Note that the SSH keys and host information must be in root's .ssh directory since resetpass runs as root under sudo.
  2. LDAP password changing: it is possible to specify an LDAP server and the appropriate DN and password to reset or change someone's password in an LDAP directory. If LDAP support is specified, the initial authentication check is done via LDAP binds rather than getpwnam lookups.
  3. New password specification: this script will take the place of passwd in Samba's system password synchronization, and as such needs to be able to accept a new password specified by the user. The -n argument signals this. If given, resetpass will prompt for the new password rather than generating a random one.
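A check related to item 1, added here as an example (it is not part of resetpass or of the original post): a null-passphrase key kept in root's .ssh directory is only as contained as the matching `authorized_keys` entry on the remote host, so this script audits entries for the OpenSSH options that pin such a key to one program and one source host. The program path, host name and key material in the sample are constructed placeholders.

```python
import re

# Tokens that start the key itself, meaning the entry has no options field.
KEY_TYPE = re.compile(r"(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
# One option: name, optional quoted value, then the separator that follows it.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(,|\s+|$)')
# Restrictions expected on a passphrase-less key that should run one program.
REQUIRED = {"command", "from", "no-port-forwarding", "no-agent-forwarding",
            "no-x11-forwarding", "no-pty"}

def parse_options(line):
    """Return the options of one authorized_keys entry as {name: value}."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}
    opts, pos = {}, 0
    while True:
        m = OPTION.match(line, pos)
        if not m:                        # unparsable: keep what was read so far,
            return opts                  # so the entry is still flagged
        opts[m.group(1).lower()] = (m.group(2) or "").replace('\\"', '"')
        if m.group(3) != ",":            # whitespace ends the options field
            return opts
        pos = m.end()

def audit(text):
    """Return [(line number, missing restrictions)] for under-restricted keys."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        have = set(parse_options(line))
        if "restrict" in have:           # restrict implies the no-* options
            have |= {o for o in REQUIRED if o.startswith("no-")}
        missing = sorted(REQUIRED - have)
        if missing:
            findings.append((n, missing))
    return findings

# Constructed sample: placeholder key material, hypothetical host and program path.
SAMPLE = """\
ssh-rsa AAAAEXAMPLE root@shanti
command="/usr/local/sbin/remote-passwd",no-pty ssh-rsa AAAAEXAMPLE root@shanti
from="shanti.example",command="/usr/local/sbin/remote-passwd",restrict ssh-rsa AAAAEXAMPLE root@shanti
"""

if __name__ == "__main__":
    for lineno, missing in audit(SAMPLE):
        print(f"line {lineno}: missing {', '.join(missing)}")
```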

Other minor new features include:

  1. A command line argument to specify the configuration file (necessary to support two configuration files: one for password resets via the web interface and one for password changes initiated from Samba).
  2. Checking of the $SUDO_USER environment variable (necessary to work out some kinks with the passwd account and admin users restarting Samba with sudo).
  3. Support for password change notifications (another change module: uses a local program to "notify" password changes - could, for example, send e-mail with the user's username to a specified address, or other nasty insecure things - don't use it).

Zach and Steve Spyker have been testing this version for seminary changes with good success. I suspect it will go live on Monday for general purpose resets. It will go live for Samba resets when we move to LDAP authentication (and put in the new Samba).

Posted by Rowan Littell at May 08, 2003 11:41 AM