[sork] passwd ameliorations...
Guillaume
assoupis at eurythmics.servebeer.com
Thu May 22 16:58:45 PDT 2003
I've just started configuring it and discover some some problems here and there.
- We can change any user password since logged in
- There is no notice about security in the expect script and they suggest
suggest sending password over telnet
- There is to place to configure the expect script. In the lib/Driver/expect and
in the expect script itself. It's way strange when you change the config file
and it still acting the same
- There must be two way of choosing who can change password, a) inclusive or b)
exclusive, i.e.a) root can't change password and b) fartface could change is
password. This could be a nice idea to make a list of them since we can use it
to do multi-layer security in some case (i.e. checking again in the expect
script if the user is banned/allowed)
- It is possible to make a script to test what are the string used by passwd and
ssh, so, possible to make a "configurator" for the expect script
I will probably soon correct some of them so I wan't to know how should I send
corrections.
Rock On !
More information about the sork
mailing list