Linux Today: Linux News On Internet Time.

Updating Unix And Linux Passwords Via The Web Browser

Dec 16, 2008, 04:32 (0 Talkback[s])
(Other stories by Mike Tremell)

[ Thanks to Mike Golvach for this link. ]

"Now, we'll go on record right away (admittedly, this is the second paragraph, so we're lagging behind already ;) by stating that we do not specifically endorse this method of password changing. It's very convenient (for users both trustworthy and malicious) and does the job, but, use of this script in a secure environment (or any environment that requires protection) is not recommended. Not only does this script open up many potential security holes by allowing access to system commands (albeit via another script that gets called, so it's not "unbelievably" easy to misuse), it will almost guarantee that you won't get your Sarbanes Oxley compliance certificate :) That being said, if you have a small internal net (quarantined from production and other environments) this can be a handy way to do your updates. In the worst case, you can just forego the "web experience" and do your mass password updates using Expect (or any other tool) from the CLI."

Complete Story

Related Stories: