smbldap-passwd fun.
Dave Bour
dcbour-Uj1Tbf34OBsy5HIR1wJiBuOEVfOsBSGQ at public.gmane.org
Tue Jul 4 10:56:18 UTC 2006
Had a similar problem. Created a web front end that creates a change password file that a peel script looks for every 10 seconds. Not elegant but it works
D
Dave Bour
Desktop Solution Center
905.381.0077
dcbour at desktopsolutioncenter.ca
For those who just want it to work...
Giving you complete IT peace of mind.
(Sent via Blackberry - hence message may be shorter than my usual verbose responses)
PIN 3010A5AF (as of June 12, 2006)
-----Original Message-----
From: owner-tlug at ss.org <owner-tlug at ss.org>
To: tlug at ss.org <tlug at ss.org>
Sent: Tue Jul 04 01:02:49 2006
Subject: [TLUG]: smbldap-passwd fun.
I'm trying to get users to be able to change their passwords
(LDAP + SAMBA in one go) with smbldap-passwd; this works, but the
command has to read a file that contains the admin password to the
LDAP tree - this is a slight problem.
SETUIDing it doesn't work, because further file-open calls are
done as the user, so permissions are an issue. sudoing doesn't work,
either, because then the user could change anyone else's password.
Annoyingly enough, I can't chmod 711 it, as the shell
complains that it can't read it; so much for being able to execute a
file without having to read it.
Further, I can't just set the users' shell to that command,
because they need to be able to ssh in and run other commands.
About the only thing I can think of is making a custom shell
that only allows a few commands to be run (nothing that could
open/read/cat a file), or using a web-based frontend - I've heard
phpldapadmin or somesuch mentioned.
Has anyone ever ran into such a situation/requirement?
Thanks in advance,
-- Vlad
--
end
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20060704/d877fca5/attachment.html>
More information about the Legacy
mailing list