[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] SMBLDAP change my own password script



On Wed, 4 Jul 2007 12:53:08 +1200, Krsnendu dasa wrote
> I have an idea for a script for users to be able to change their own
> passwords in the smbldap setup.
> Would it work?
> 
> Create a script with execute only permission for everyone except root.
> The script would have one main line:
> sudo smbldap-passwd <name of user>
> 
> Create a menu launcher for the script and put it under System, Settings,
> ChangeMyPassword
> 
> I imagine it like this.
> A user clicks on the menu item. A window pops up asking for the password for
> <name of user>. Then it asks for the new password twice. Then the window
> closes.
> 
> How would I automatically get the name of the currently logged in user?

Since the script would be launched by the user, wouldn't that user have to be listed in
the sudoers file?  I suppose you could possibly add an entry in the sudoers file that
said all members of a specific group (you could add everyone to a "users" group by
default) had sudo permissions only to the script you are talking about, then they could
launch it with sudo.  They would probably then have to enter their existing password
once for sudo authentication and then the new password twice more for the change and
verification.

I don't know what other security implications there might be by adding those users to
the sudoers group, but that might work.

-- 
This message has been scanned for viruses and
dangerous content by the Cotter Technology 
Department, and is believed to be clean.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]