We're running enhances security under DU 3.2C . We would like to be able to
restrict the use of chfn so that users can't change their real names. My
current proposed solution is to write a wrapper that requests the
information and then passes it to chfn or to passwd. For this to work I need
to be very careful about making sure nobody can get by the wrapper.
Alternatively, I could put a wrapper around it that looked to see if the
real name had been changed and if so, change it back. This requires keeping
a separate secure database of real names.
The reason for all this is that we have a huge number of users and we just
got sick of people changing their names to 'I have a big penis' and the
like.
Under Ultrix, we replaced the passwd program entirely and at the same time
insituted a set of password checking rules. Under DU we can use pwpolicy for
that and I'd like to keep all the security checks in the passwd suite and
therefore don't want to replace it with something else.
So, if anyone has a sensible solution or even better, source for a passwd
program eqquivalent to DU's then I'd really appreciate hearing from them.
--
[=======================================================================]
[ Kevin Lentin |finger kevinl_at_fangorn.cs.monash.edu.au| ]
[ K.Lentin_at_cs.monash.edu.au |for PGP public key block. Fingerprint | ]
[ Macintrash: 'Just say NO!' |6024308DE1F84314 811B511DBA6FD596 | ]
[=======================================================================]
Received on Thu Jan 25 1996 - 00:17:52 NZDT