lubkt@spectrum.CC.Lehigh.EDU (Binod K. Taterway) (06/13/91)
I want an administrative staff member to open Sun accounts for me. She will have to change passwords, change shells, change quotas, and other account-related items. I have created an account for her, call it 'admin.' The admin user belongs to the group 'admin.' All yp-related stuff is modifiable by this user. I have created an /etc/passwd file with write permission to admin.

When I (as root) create accounts, I never work on the actual password file; instead, I work on its copy using the -F option of passwd(1). Then I check its contents using cops and other locally written packages for any error, then copy it to the proper location in /var/yp and run a make to update the NIS password map.

All of this works fine for root, but the -F option of passwd(1) does not work with non-root. So, I thought I might get around it by generating the encrypted password in the first place. Here begins my journey to the wondrous land of crypt(3), login(1), DES, and a host of other programs. I realize crypt cannot generate the initial encrypted password because it doesn't have the right seed. Let EPW be the encrypted password of the clear-text password, PW. Then,

    EPW = crypt(PW, EPW)

The second parameter of crypt is the seed: if the seed is the same as EPW, then the result of crypt is the same EPW. This is what is presumably used by login programs to validate a user. But my problem is to generate EPW without the initial seed.

So I thought, maybe, I will create a dummy user, and get the EPW by using the passwd(1) program directly (change the password of this dummy user, awk/grep the password field of this user, and use it in the EPW field of the new user's password). But this means that I will be working on the password file directly, and I don't like to do that.

Perhaps there is a simpler way. Sure, use a setuid shell script. Being a security advocate, I just don't write such scripts and I am not going to start now. But I am dying to relieve myself of the burden of day-to-day account management.

Perhaps someone would like to share her/his recipe on this issue if they have found a way of doing this neatly from a non-root account.

--
---
Binod Taterway                      | lubkt@spectrum.CC.Lehigh.EDU
Sr. User Consultant                 | bt00@lehigh.BITNET
Lehigh University Computing Center  | (215) 758-3984 (off)
Bethlehem, PA 18015                 | (215) 758-4983 (fax)
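
The relationship quoted in the post, EPW = crypt(PW, EPW), as an added example that is not part of the original post: traditional crypt(3) reads only the first two characters of its second argument as the salt, so an initial EPW can be produced from a freshly chosen salt and written into a working copy of the password file. The function names and the sample passwd lines are constructed for illustration; Ruby's String#crypt calls the system crypt(3), and the example assumes that library still supports the traditional DES scheme.

```ruby
require 'securerandom'

# Salt alphabet of traditional DES crypt(3): [a-zA-Z0-9./]
SALT_CHARS = [*'a'..'z', *'A'..'Z', *'0'..'9', '.', '/'].freeze

# Choose a fresh two-character salt; no existing EPW is needed for this.
def new_salt
  Array.new(2) { SALT_CHARS[SecureRandom.random_number(SALT_CHARS.size)] }.join
end

# Produce the initial EPW for clear-text PW. The salt becomes the first two
# characters of the result; traditional crypt(3) uses only 8 characters of PW.
def make_epw(pw, salt = new_salt)
  epw = pw.crypt(salt)
  raise 'crypt(3) returned no DES hash' unless epw.length >= 13 && epw.start_with?(salt[0, 2])
  epw
end

# The login-style check from the post: EPW == crypt(PW, EPW).
def valid_password?(pw, epw)
  pw.crypt(epw) == epw
end

# Set one user's password field in passwd-format text (a working copy).
def set_password_field(passwd_text, user, epw)
  found = false
  lines = passwd_text.lines.map do |line|
    fields = line.chomp.split(':', -1)
    next line unless fields[0] == user
    found = true
    fields[1] = epw
    fields.join(':') + "\n"
  end
  raise ArgumentError, "no such user: #{user}" unless found
  lines.join
end

# Constructed sample data, not taken from any real system.
SAMPLE_PASSWD = <<~EOF
  root:*:0:1:Operator:/:/bin/csh
  newuser::1001:20:New User:/home/newuser:/bin/csh
EOF

if __FILE__ == $PROGRAM_NAME
  epw = make_epw('Tmp4Bob!')
  puts set_password_field(SAMPLE_PASSWD, 'newuser', epw)
  puts "verifies: #{valid_password?('Tmp4Bob!', epw)}"
end
```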