THANKS TO:
Ann Majeske USG,
Nikola Milutunovic

Suggested solutions:

For the password change problem, it is suggested to use:
1- sia_chg_password() routine instead of the current C program.
sia_collect_trm() can be used to collect the required parameters for
sia_chg_password().
2- expect utility, which needs Tcl/Tk

Moreover, useradd can be used for bulk user addition operations.

What I have done is this: I have changed my shell from Rsh (restricted
shell) to ksh (easy way ...). After that, the password change program has run
correctly (i.e. with messages on screen), and I have been using that C program
(with a bit of addition) as an entrance program. It has 2 options (1- password
change, 2- program entrance).

That is all...
selcuk.karaca_at_aski.gov.tr
Unix sys Admin
TURKIYE
----- Original Message -----
From: M selcukkaraca <selcuk.karaca_at_aski.gov.tr>
To: <tru64-unix-managers_at_ornl.gov>
Sent: Thursday, November 30, 2000 4:24 PM
Subject: Terminal users, password change problem
>
> Hi to all admins,
>
> My environment:
> Alpha 4100, 2 CPU, 2GB RAM
> DU 4.0D (with PK 6, I think)
>
> I have a small trouble with our new security and audit plan.
> After a meeting with Oracle, we will now accept the OS authorization as the
> Oracle authorization, so terminal (or application) users will log on to our
> Unix system and then automatically to Oracle... They will *never* drop to
> shell. And Unix user codes will be used for audit operations in Oracle.
>
> But some problems came into existence...
> - I have to create >200 accounts; each will have rsh as its shell.
> - And the most problematic one: I have to write and implement a password
> change method for those terminal users.
> For the first problem (account creation) I have been slowly creating
> accounts.. (But anyway I am open to good offers...)
>
> But for password change, I have some serious problems..
> 1- I have found a C code in our mail list archives and compiled it.
> Basically, it opens a pipe to the Unix password program and feeds the user's
> new password to it.
> It closes stdout/stderr to fool the Unix passwd program, opens a new stderr
> (mystderr) and prints output messages to mystderr...
>
> But after the popen to the Unix password program, I could not print error
> messages to the terminal screen. Then I have seen that it works in ksh, but in
> rsh it just doesn't show anything after that point... What is the problem
> between the program and rsh?
>
> 2- And maybe more importantly: where should I put the password change
> program? If I put it in the .profile, at each login it will ask the user
> whether he wants to change his password or not, BUT this is not logical
> (maybe the user will need a password change after a month..). So where should
> I put it...
> What do you suggest...?
>
> Thank you for your time and response...
>
>
> -----------------Program source-------------------
> *previous lines are cut*
> ...
>     /* get a private stderr, then close stderr/stdout to silence pwd programs */
>     if ((fd = dup(2)) < 0) {
>         fprintf(stderr, "ERROR:. Couldn't dup error-output fd, exiting...\n");
>         exit(1);
>     }
>     if ((mystderr = fdopen(fd, "w")) == NULL) {
>         fprintf(stderr, "ERROR: Couldn't fdopen new stderr fd, exiting...\n");
>         exit(1);
>     }
>     close(1);
>     close(2);
>
>     /* detach from controlling tty to convince passwd to read stdin for pw */
>     if ((fd = open("/dev/tty", O_RDWR)) >= 0) {
>         if (ioctl(fd, TIOCNOTTY) < 0) {
>             fprintf(mystderr,
>                     "ERROR: Failed to detach from /dev/tty: %s, exiting...\n",
>                     strerror(errno));
>             exit(1);
>         }
>         close(fd);
>     }
>
>     /* shuffle UIDs for permissions - we expect to be running SUID-root */
>     origuid = getuid();
>     if (setuid(geteuid()) != 0) {
>         fprintf(mystderr, "ERROR: Failed to properly set UID, exiting...\n");
>         exit(1);
>     }
>
>     /* open a pipe to and then feed the standard Unix passwd program, slowly */
>     if (isatty(0)) {
>         fprintf(mystderr, "Changing UNIX password, please wait...\n");
>         fflush(mystderr);
>     }
>     strcpy(cmd, PASSWD);
>     strcat(cmd, " ");
>     strcat(cmd, pwentry->pw_name);
>     if ((cmdpipe = popen(cmd, "w")) == NULL) {
>         fprintf(mystderr, "ERROR: Can't open pipe to '%s', exiting...\n", cmd);
>         exit(1);
>     }
>     sleep(3);
>
>     /* I COULD GET THE FPRINTF(MYSTDERR."BLA BLA"); UP TO THIS POINT. AFTER
>        HERE, IT DOES NOT PRINT ANYTHING ON TO SCREEN IN RSH (RESTRICTED SHELL) */
>
>     fprintf(cmdpipe, "%s\n", new); fflush(cmdpipe); sleep(2);
>     fprintf(cmdpipe, "%s\n", new); fflush(cmdpipe); sleep(2);
>     if ((status = pclose(cmdpipe)) != 0) {
>         fprintf(mystderr, "ERROR: error code is :%d, \n exiting...\n", status);
>         exit(1);
>     }
>     if (isatty(0))
>         fprintf(mystderr, "PASSWORD HAS CHANGED.\n");
>
>     exit(0);
> }
>
> /* end of program */
> --------------program finished-----------------
>
>
> selcuk.karaca_at_aski.gov.tr
> Unix sys Admin
> ASKI - ANKARA
Received on Wed Dec 06 2000 - 06:48:48 NZDT
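
The quoted program builds its command with strcpy()/strcat() and runs it through popen(), which starts a shell while the process is SUID-root. As an added example (not from the original post or its author), the same "feed the password twice" step is done here with pipe()/fork()/execve(), a fixed argument vector and a minimal environment; the helper name feed_lines and the PATH value are assumptions, and the caller would pass the passwd path and the user name as separate argv elements.

```c
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run argv[0] (must be an absolute path) without a
 * shell, write `line` plus '\n' to its stdin `times` times, and return the
 * child's exit status, or -1 on any failure. */
int feed_lines(char *const argv[], const char *line, int times)
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    int p[2], status, i;
    pid_t pid;

    if (argv == NULL || argv[0] == NULL || argv[0][0] != '/')
        return -1;                      /* no PATH lookup for the target */
    if (pipe(p) < 0)
        return -1;
    if ((pid = fork()) < 0) {
        close(p[0]); close(p[1]);
        return -1;
    }
    if (pid == 0) {                     /* child: read end becomes stdin */
        close(p[1]);
        if (dup2(p[0], 0) < 0)
            _exit(127);
        if (p[0] != 0)
            close(p[0]);
        execve(argv[0], argv, clean_env);   /* argv is never parsed by sh */
        _exit(127);                     /* exec failed */
    }
    close(p[0]);
    signal(SIGPIPE, SIG_IGN);           /* a dead child must not kill us */
    for (i = 0; i < times; i++) {
        if (write(p[1], line, strlen(line)) < 0 || write(p[1], "\n", 1) < 0)
            break;
    }
    close(p[1]);                        /* EOF tells the child we are done */
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```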