HPE Community
Operating System - HP-UX
1822985 Members
3881 Online
109645 Solutions
New Discussion юеВ

Changing password for a No Shell FTP User !

 
SOLVED
Go to solution
SUDHEER M S
Advisor

тАО12-29-2005 02:48 AM

тАО12-29-2005 02:48 AM

Changing password for a No Shell FTP User !

I have few FTP Users on my system with "No shell" parameter set. As there is no shell for these users, they can't telnet and change the password. Each and every time they have to contact Administrator and get it changed. Is there anyway user can change himself?

Its not a serious issue, but I am sure you experts will have some good suggestions.

How this is done on FTP servers where they will have 100s of users.

Sample user entry of /etc/passwd is given below.

dragon:dcsGLS3AvOZcE,7/HR:311:105:MidRange Unix L3FTP,,,:/home/dragon/./:/usr/bin/false


Thanks in advance
0 Kudos
7 REPLIES 7
Christine Hartman
Valued Contributor

тАО12-29-2005 04:31 AM

тАО12-29-2005 04:31 AM

Re: Changing password for a No Shell FTP User !

We actually use kerberose...that way they have to change their password on the AD side of the house. However, I believe that they actually can telnet in first....after the systems verifies their password, then it will boot them out because they have /usr/bin/false as a shell. When their password expires...it should allow them to change it and then it will boot them out after password authentication is completed and the login process continues.

You should be able to test this easily too by telneting in as a user that has a password that just expired...you should be able to put your login id and password then it should prompt you to change your password because it has expired, then it will boot you out.

C-
0 Kudos
Joseph.KL Teo
New Member

тАО12-29-2005 09:06 AM

тАО12-29-2005 09:06 AM

Re: Changing password for a No Shell FTP User !

Hi Sudheer,

This action would require root access because /etc/passwd can only be modified by root.

So i doubt you can allow the users to do it by themselves unless you allow them to switch user to root which is ridiculous, agree?
0 Kudos
Devesh Pant_1
Esteemed Contributor

тАО12-29-2005 09:32 AM

тАО12-29-2005 09:32 AM

Re: Changing password for a No Shell FTP User !

Sudheer,
you can have these accounts set up for nonexpiration of the password.

just an idea

thanks
DP
0 Kudos
RAC_1
Honored Contributor

тАО12-29-2005 01:55 PM

тАО12-29-2005 01:55 PM

Solution

Re: Changing password for a No Shell FTP User !

If the users have telnet access to some other machine, they can generate password and ask you put same password for ftp account.

On hp-ux system, they can generate password as follows.

echo "your1234ab" | /usr/lbin/makekey
This will generate a encrypted password, which you can paste in password feild in passwd file. The password has to have 8 chars and last two chars are salt chars. This will set password to your1234. So even sysadmins can not know it, but only user who generates it.
There is no substitute to HARDWORK
0 Kudos
Sanjay_6
Honored Contributor

тАО12-29-2005 04:33 PM

тАО12-29-2005 04:33 PM

Re: Changing password for a No Shell FTP User !

Hi,

What you can do is force the user to change his/her pasword at next login,

passwd -f login_id

Though the user has a "no shell" or false as the shell. he can still login using telnet and chnage his/her password. He will not get a shell prompt.

When the user does a telnet to the system and types the login id, it will prompt the user for password and will then prompt the user to change the password. Once the password is changed, instead of the user getting a login prompt, it will be logged out saying no shell for that user or something.

Hope this helps.

Regds
0 Kudos
SUDHEER M S
Advisor

тАО12-29-2005 07:27 PM

тАО12-29-2005 07:27 PM

Re: Changing password for a No Shell FTP User !

Thanks to you all, Let me keep this for one more day to see more comments. I will assign the points at the end of day,
DP your idea is good, unfortunately its not meeting my requirement. Special thanks to RAC and Sanjay, Good suggetions.

Cheers Buddies.
0 Kudos
SUDHEER M S
Advisor

тАО12-29-2005 11:38 PM

тАО12-29-2005 11:38 PM

Re: Changing password for a No Shell FTP User !

Forcing the user to change and creating a encrypted password are found to be good options.

Thanks to all.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.