[sork] passwd ameliorations...

Eric Rostetter eric.rostetter at physics.utexas.edu
Mon May 26 08:10:19 PDT 2003


Quoting Guillaume <assoupis at eurythmics.servebeer.com>:

> I've just started configuring it and discovered some problems here and
> there.
> - We can change any user's password once logged in

Only if you know their username and password.  If so, well, you can
pretty much do anything you want, no?

> - There is no notice about security in the expect script and they suggest
> sending passwords over telnet

True.  I'll see about adding some warnings in the docs.  It does support
ssh though, for those who want security.  Also, it can be used with telnet
over localhost on a (no user login allowed) server to secure it in most
OS implementations of localhost/loopback interfaces.

> - There are two places to configure the expect script: in lib/Driver/expect
> and in the expect script itself. It's way strange when you change the config
> file and it's still acting the same

You'd have to be more specific for me to look at this, or wait and hope
the expect driver author does something here, or of course change it
yourself.

> - There must be two ways of choosing who can change password, a) inclusive
> or b) exclusive, i.e. a) root can't change password and b) fartface could
> change his password. This could be a nice idea to make a list of them since
> we can use it to do multi-layer security in some cases (i.e. checking again
> in the expect script if the user is banned/allowed)

I'm not sure what you mean.  There is already a configuration option
to disallow specific users from changing passwords, if that is what you
mean.

> - It is possible to make a script to test what strings are used by passwd
> and ssh, so it is possible to make a "configurator" for the expect script

That would be wonderful.  A patch for that would be great!

> I will probably soon correct some of them so I want to know how I should
> send corrections.

Send them to the mailing list in diff -u format, or post a link to them
to the mailing list.

> Rock On !

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Why get even? Get odd!

