Andrew Kaplan
Super Advisor

Allowing users to change their passwords within an e-mail notification

Hi there --

I have a script that runs on one of our servers which monitors the age of our users' passwords. When a password is set to expire within two weeks, an e-mail is sent to the user reminding him of this and requesting that he change his password. The text of the script is shown below:

#!/bin/bash

# Accounts with a usable password: skip locked ("!!" or "*") entries and root.
users=`grep -v ":\!\!:" /etc/shadow | grep -v ":\*:" | grep -v "^root:" | cut -f1 -d:`
expire_time=90
# Days since the epoch, the same unit as field 3 of /etc/shadow.
today=$(( `perl -le 'print time'` / 86400 ))

for user in $users ; do
    # Anchor the match so that "bob" does not also match "bobby".
    last_change=$(( `grep "^$user:" /etc/shadow | cut -f3 -d:` ))
    days_left=$(( $expire_time - $today + $last_change ))
    if [ $days_left -lt 15 -a $days_left -ge 0 ]; then
        mail -s "Your password on the server will expire in $days_left days." "$user" << EOF
Hello,

Your password of account $user, which is used for accessing the e-mail server on host `uname -n`, will expire in $days_left days.

Please update your password. If you have any questions, please contact sysadm at extension x-xxxxx or e-mail him at sysadm@email.com for help.

Thanks for your support!

EOF
    fi
done

I would like to include an option within this script so that when the user receives the e-mail notification there will be a link to the appropriate program that will automatically run the passwd program and allow the user to be able to change his/her password.

Is this possible, and if so, what is the syntax I should use to accomplish this? Thanks.
A Journey In The Quest Of Knowledge
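An added example, not part of the original post: the same expiry check done in a single awk pass over shadow(5)-format lines, comparing fields exactly and using each account's own maximum age (field 5) instead of a fixed 90 days. The function names, the sample accounts and the day number 20000 are constructed for illustration.

```bash
#!/bin/bash
# expiring_users TODAY_DAYS [WARN_DAYS]
# Reads shadow(5)-format lines on stdin and prints "user days_left" for every
# account whose password expires within WARN_DAYS (default 14, i.e. 0..14 days).
expiring_users() {
    awk -F: -v today="$1" -v warn="${2:-14}" '
        # Field 2 (hash): skip locked or password-less accounts.
        $2 == "" || $2 ~ /^[!*]/ { next }
        # Field 1 (name): exact comparison, so "groot" is not dropped with root.
        $1 == "root" { next }
        # Field 3 (last change, days since epoch): empty = aging disabled,
        # 0 = change already forced at next login.
        $3 == "" || $3 == 0 { next }
        # Field 5 (maximum age): empty or 99999 means the password never expires.
        $5 == "" || $5 >= 99999 { next }
        {
            left = $3 + $5 - today
            if (left >= 0 && left <= warn) print $1, left
        }'
}

# Constructed sample input; "HASH" stands in for a real password hash.
sample_shadow() {
    cat <<'EOF'
root:HASH:19990:0:90:7:::
alice:HASH:19920:0:90:7:::
bob:HASH:19915:0:90:7:::
bobby:HASH:19990:0:90:7:::
carol:!!:19920:0:90:7:::
dave:*:19920:0:90:7:::
erin:HASH:19920:0:99999:7:::
frank:HASH:19975:0:30:7:::
groot:HASH:19912:0:90:7:::
EOF
}

# Demonstration on the sample, with "today" fixed at day 20000.
# On a real host: expiring_users "$(( $(date +%s) / 86400 ))" < /etc/shadow
sample_shadow | expiring_users 20000
```

Each output line can feed the mail loop directly, for example with `while read user days_left; do ... done`.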
Peter Godron
Honored Contributor

Re: Allowing users to change their passwords within an e-mail notification

Andrew,
Your script pulls out the usernames from /etc/shadow, so I assume the mail is seen by the users when they log onto the server?

Either way a link would require a session to be started, which means the user has to use the existing username/password logon and then run the passwd command.

In short, I can't think of a secure way.
Mike Stroyan
Honored Contributor

Re: Allowing users to change their passwords within an e-mail notification

The web-chpass utility available from
http://www.unicom.com/sw/web-chpass/
is designed to provide a web page for changing passwords. It seems to have been well thought out for doing that securely. I haven't tried it myself. You should be very careful with adding new setuid programs such as this.
Ivan Ferreira
Honored Contributor

Re: Allowing users to change their passwords within an e-mail notification

You can also modify the authentication method of your POP/IMAP server to use some directory services, for example, Active Directory or SAMBA. So when the user changes its Windows password, it changes the email password also.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?