The old HP "SAM" use to allow this restricted SAM option.
I do not know if SMH does ( doubt it, but then again I do not use it. ever ;)
An alternative if SMH fails to meet your need could be to create a script that restricts the userids that passwords can be changed on ( not root ) then install and use sudo giving permission to these two users to the script.
I don't believe SMH will buy this for you either. You need sudo or some other third party sofware to distribute limited/controlled root access for these two users.
You might create their accounts, but in their .profile as soon as they login it runs a script. The script it runs can be a simple case stmt that pulls up a screen once they login and the only option for them is to reset passwords; or exit. ..and make sure you have it written so that if they try to Ctl-C out of it, it logs them out immediately....
sudo is your best bet. I poked around smh and did not see the equivalent of restricted sam.
Sad really as this was useful.
I would create a special user for the purpose and not give it root priv.
SEP
Steven E Protter Owner of ISN Corporation http://isnamerica.com http://hpuxconsulting.com Sponsor: http://hpux.ws Twitter: http://twitter.com/hpuxlinux Founder http://newdatacloud.com
restricted smh exist for 11Iv3, here is the info, it look like we can achieve the same thing with the web version
# smh -r The privileges set for the user from the Text User Interface doesn't apply to Graphical User Interface. System Management Homepage(SMH) in Graphical User Interface has a different way of setting the privileges. Please look at smh(1M) man page for more information
