07-25-2019
I think is is pretty common these days to create web-based interfaces to change user passwords, even for shell accounts.
It can be more secure to do it via a well-written web interface than giving employees direct access to the shell.
In addition, a well written web-based interface can easily enforce local organizational policies for password strength, etc.
You can do a lot with a well-written web app these days.
However, if you do not have a lot of experience writing web apps, creating a password-changing app is not the best place to get started.
On the other hand, it really depends on the "criticality" of the application.
To properly advise, I would need to know the "criticality" of the application. All applications are not created equal and IT security is not a "one size fits all" profession.
Cheers.
This User Gave Thanks to Neo For This Post:
9 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi all,
I want to write a script which logs into a database (DB2). To do this i need to have a password. This will be done lots and lots of times, so i need to modify the script to automate the response to the password request.
How do i this, because at present i do the following:
db2 connect... (3 Replies)
Discussion started by: Liamo
3 Replies
2. UNIX for Dummies Questions & Answers
Hi,
I'm trying to create a shell to change some user password with random string.
I've tried to use stdin redirection to supply the new password by a response file:
passwd theuser < respfile
but I continue to be prompted for supplying pwd via console keyboard.
Can you help me to... (2 Replies)
Discussion started by: nisant
2 Replies
3. Shell Programming and Scripting
Hi everybody, can someone please suggest me how to implement the running of SQL table scripts(.sql) at a specific time automatically in UNIX ?Thanks (2 Replies)
Discussion started by: konquistador
2 Replies
4. UNIX for Dummies Questions & Answers
Hi all,
I'm quite limited in UNIX unfortunately for me, and need to find a solution to something thats giving me headaches every morning. We need to make daily backups of a server we have in the office every morning, as well as then FTPing the created backup files over to a specific FTP address... (3 Replies)
Discussion started by: de049
3 Replies
5. Shell Programming and Scripting
Hi
Can anyone help me in automate a ssh session with password using shell script (7 Replies)
Discussion started by: raghav288
7 Replies
6. Shell Programming and Scripting
I have a database that contains a list of server names, and the password for the root user on several servers (100+). I need to verify the passwords for each of the servers in an automated fashion because the database continues to grow. All of the users that I'm going to test are ROOT. I can't... (1 Reply)
Discussion started by: jbeck22
1 Replies
7. UNIX for Advanced & Expert Users
I have written the below scripts .
ldap_pwd_prompt.ksh
#!/usr/bin/ksh
passwd -r ldap
interactive_pwd_change.exp
#!/usr/local/bin/expect
set timeout 10
set curpass
set newpass
spawn ./ldap_pwd_prompt.ksh
expect "Enter existing login password:"
send "$curpass\r"
expect "New... (6 Replies)
Discussion started by: dr46014
6 Replies
8. UNIX for Advanced & Expert Users
Our application runs on AIX and the users of the application do not have a way to land at the prompt/shell by any means. When they login to the box, the application opens up directly. I would like to know of a way to automate the password reset process for these user ids, without them having to... (2 Replies)
Discussion started by: ggayathri
2 Replies
9. Solaris
I'm trying to automate the patching process using scripts and cronjobs in Solaris 11.
one of the things I'd like to do is cleanup the old boot environments.
unfortunately
beadm destroy
requires a response
:~$ pfexec beadm destroy -f solaris-13
Are you sure you want to destroy... (3 Replies)
Discussion started by: os2mac
3 Replies
LEARN ABOUT HPUX
pwd_strengthd
pwd_strengthd(1m) pwd_strengthd(1m)
NAME
pwd_strengthd - The sample Password Management Server
SYNOPSIS
pwd_strengthd [+/-all[_spaces]] [+/-alp[ha_num]]
[-c[ache_size]] size [-d[ebug]]
[-m[in_len]] pwd_min_len [-t[imeout]] minutes
[-v[erbose]]
OPTIONS
Allow passwords to be all spaces. If this option is not set, the effective registry policy is used. Disallow passwords to be all spaces.
If this option is not set, the effective registry policy is used. Allow passwords to consist only of alphanumeric characters. If this
option is not set, the effective registry policy is used. Disallow passwords to consist only of alphanumeric characters. If this option is
not set, the effective registry policy is used. Specify the number of hash buckets in the password cache. The password cache is used to
store generated passwords which are retrieved when the password is strength checked. The password cache is a hash table with a linked list
for collisions. The size should be set to a reasonable value based on how large the cache will be on average. The default value if not
specified is 100. Run in the foreground. Log messages are written to standard output. Specify the minimum length of a password. If this
option is not set, the effective registry policy is used. Specify the time, in minutes, that generated passwords remain in the cache
before they are deleted from memory. If this option is not specified, the default time is 30 minutes. Runs in verbose mode. More detailed
messages are sent to the logfile $DCELOCAL/var/security/pwd_strengthd.log. (Use of this option is recommended.)
DESCRIPTION
DESCRIPTION
pwd_strengthd is a sample Password Management Server. It exports the rsec_pwd_mgmt application programming interface.
pwd_strengthd generates passwords and strength-checks them. It enforces the security registry policy for password strength-checking.
Administrators can override the security registry policy via the command-line options (alpha_num, all_spaces, min_len.)
Administrators can subject principals to password-strength and -generation policies by attaching the following ERAs: Specifies the password
management policy the user must conform to when selecting passwords. Specifies information required in order to connect to the password
management server.
See the OSF DCE Administrator's Guide -- Core Services for more information and examples. You may want to enhance pwd_strengthd to support
your site's policies for password strength and generation.
pwd_strengthd(1m)