views:

396

answers:

5

What is the best way to change a user-password remotely in Unix? This must be performed by the user, in a Web-app or Windows-App, without using SSH or any direct connection between the user and the server (direct command line not allowed).

Thanks

+5  A: 

Use Webmin (more specifically the UserMin module).

Webmin provides a mini webserver, so you just need to install and configure it slightly. You'll get a lot more than just password-changing, and you can remove functionality you don't want the user to have.

gbjbaanb
A: 

You could write a server side script that ran passwd, you could do that in any language that allows shell commands to be run.

Rich Bradshaw
If you write a script to run passwd on the remote host, you might as well just execute passwd on it: you're not addressing the "remote" issue. Furthermore, exposing a script like you're proposing via some other service (say HTTPS) seems like a security risk.
antik
Any server side scripting language that will also work with Apache would work for this and isn't any more of a security risk than Webmin if coded correctly.PHP, Ruby, Perl
Simurr
+1  A: 

@Rich Bradshaw

Just make sure you don't introduce security issues. The solution should use https encryption (the password should be never sent in clear text). It should be protected against shell injection attacks (strip any newlines from input, escape it properly etc). More details depend on choosen implementation.

phjr
A: 

Webmin seemed to be a good application to do that, but I found it extremely hard to configure it right. My Unix users are unable to login to Webmin or Usermin.

Do you know any other alternatives to Webmin and Usermin?

Thanks

Armadillo
+1  A: 

I've done this in the past to change passwords on several servers at once by using a script written in Expect. It's perfect for the job but you will need the servers to be listening via SSH.

Once written, the script will execute on your local workstation and will connect to the remote host, do the interaction you've scripted, and then you should be gold. All the while, using the encryption you're already trusting if you're running SSH. Just don't save the passwords in your script: you should be able to prompt yourself for them (even taking them by command line argument is generally considered poor practice.)

Expect is a great language too: lots of fun!

antik