 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Hey,
I've got a linux box running some applications that require
a "local account" (in /etc/passwd) to authenticate users.
However I don't want to enable shell access, so I have those
users' shell set to /sbin/nologin. However I want to provide
a way for these users to change their local password....
Does anyone have a good script for a webapp to let people
change their local password? I did find a PHP script but it
requires sudo which I consider unsafe. That same page also
had a PHP function to call out to expect so that you don't
need sudo, but it doesn't gracefully handle an incorrect username
or incorrect "Old Password". If the user supplies an incorrect
entry then the next entry gets printed into my http error log:
send: spawn id exp16 not open
while executing
"send "xxx\r""
So I'm asking the greater Boston inteligencia for any suggestions or
pointers, or perhaps help with my expect script (see PHP function below)
Thanks,
-derek
// change the password for the user
function changePassword($user, $currpwd, $newpwd) {
$cmd = "";
// Open a handle to expect in write mode
$p = popen('/usr/bin/expect','w');
// Log conversation for verification
$log = '/tmp/passwd_' . $user . '_' . time();
$cmd .= "log_file -a \"$log\"; ";
// Spawn the change-passwd command as $user
$cmd .= "spawn /bin/su $user -c /usr/bin/passwd; ";
$cmd .= "expect \"Password:\"; ";
$cmd .= "send \"$currpwd\\r\"; ";
// Change the unix password
$cmd .= "expect \"(current) UNIX password:\"; ";
$cmd .= "send \"$currpwd\\r\"; ";
$cmd .= "expect \"Enter new UNIX password:\"; ";
$cmd .= "send \"$newpwd\\r\"; ";
$cmd .= "expect \"Retype new UNIX password:\"; ";
$cmd .= "send \"$newpwd\\r\"; ";
$cmd .= "expect \"passwd: password updated successfully\"; ";
// Commit the command to expect & close
fwrite($p, $cmd); pclose ($p);
// Read & delete the log
$fp = fopen($log,'r');
$output = fread($fp, 2048);
fclose($fp); unlink($log);
$output = explode("\n",$output);
return (trim($output[count($output)-2]) == 'passwd: password updated successfully') ? true : false;
}
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord-DPNOqEs/LNQ at public.gmane.org PGP key available
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
