UNIX for Beginners Questions & Answers

Hi,

we are running solaris 5.10 and looking for solutions to automate password resets? Plz assist.

Thanks,
Sridhar

Can you please be more specific about what you mean by "password resets".

Solaris allows you to enforce password expiry thereby forcing users to change their own passwords and, if they don't, lock their accounts.

Or are you looking for a way to reset users passwords that have been lost?

i am looking for web based tool so that associates can reset the pwd with out the need to call helpdesk. similar to self service password reset tool.

Any script to do that would need to run as root because that is the only account that won't be prompted for the old password.

How will you positively identify the user? Ask them to enter their email address and then send them a link to do the password reset?

Where is the web server for you to do that? Assuming you have a web server you then have to have a mechanism for a URL link to call in (on a specific port perhaps) and run a script as root. Probably a substantial security risk.

i am not a unix admin. My intention is to automate unix password reset. if you could help me with some documentation for the below, probably we do a POC. else plz help me with other options to achieve this. thanks for your help.

If I understand you correctly, you are trying to automate (self-service) the changing of userid passwords on the actual host system. Usually, when you see these type of self-service facilities they relate to login to a web server and the password reset offered is only for that web application NOT a userid on the main host. That's tricky from a security point of view. I've not heard of that being done (this way) before but there may well be someone on this forum that has.

I think is is pretty common these days to create web-based interfaces to change user passwords, even for shell accounts.

It can be more secure to do it via a well-written web interface than giving employees direct access to the shell.

In addition, a well written web-based interface can easily enforce local organizational policies for password strength, etc.

You can do a lot with a well-written web app these days.

However, if you do not have a lot of experience writing web apps, creating a password-changing app is not the best place to get started.

On the other hand, it really depends on the "criticality" of the application.

To properly advise, I would need to know the "criticality" of the application. All applications are not created equal and IT security is not a "one size fits all" profession.

Cheers.