"The Linux Gazette...making Linux just a little more fun!"


(?) The Answer Guy (!)


By James T. Dennis, answerguy@ssc.com
Starshine Technical Services, http://www.starshine.org/


(?) CGI Driven Password Changes

From Terry Singleton on Sat, 05 Dec 1998

(?) Hi there,

We recently installed a LINUX box that runs sendmail 8.9.1, we need someway for a user to be able to change their own password, most ISP's have a html form that allows them to do this.

I know this can be done with CGI and Perl, question is does anyone have anything or know of anywhere I can find something that will do the trick..

I just bought a perl/cgi so I am working in that direction, we need something asap though. I would even pay for something.

Regards,
Terry Singleton
Network Analyst

(!) I once wrote a prototype for such a CGI script. It wasn't fancy but it used the following basic method:
The form has the following fields:
userid (login name):
current/old password:
(repeated):
new password:
(repeasted):
... and the script does the following:
So mostly it's a matter of writing the expect or comm.pl script.
Unfortunately I don't have the real script handy. It looked something like:
#!/usr/bin/expect -f
## by Jim Dennis (jimd@starshine.org)
## This should check a username/password
## pair by opening a telnet to localhost
## and trying to use that to login
## -- you might have to adjust the last
## expect block to account for your
## system shell prompts, and error messsages

## It returns 0 on success and various non-zero
## values for various modes of failure

set timeout 5
log_user 0

gets stdin name
gets stdin pw

spawn "/usr/bin/telnet" "localhost"

expect {

-- "ogin: $"    { send -- "$name\r" }

timeout         { send -- "\r\r" }

eof             { exit 253  }
}


expect {

"ssword: $"     { send -- "$pw\r" }
}

expect {

"ast login: "    { exit 0   }
"(\\\$|%)"       { exit 0   }
"ogin incorrect" { exit 1   }
timeout          { exit 254 }
eof              { exit 253 }
}
... so you'd replace the "exit 0" clauses with something like the following to have it change the password instead of merely checking the password as the example above does.
set password [lindex $argv 1]
send "/bin/passwd\r"
expect "password:"
send "$password\r"
expect "password:"
send "$password\r"
... this assumes that you got to a shell prompt. If you use the old trick of setting the users' login shell to /bin/passwd then you'd add another expect close to the original script to respond to the prompt for "Old password" --- which you'd get in lieue of a shell prompt.
Obviously in that case you wouldn't be "send"-ing the /bin/passwd command to the shell prompt as I've done in the second line of this second code example.
There's a package that purports to do this at:
Linux Admin CGI Package Docu (English)
http://www.daemon.de/doc_en.html
... so you can try that.
You can also look at the Linux-admin mailing list archives where I'm sure I've seen Glynn Clements point people to some utility he wrote (I think I've seen this about a dozen times).
A quick trip to the Linux-Admin FAQ (http://www.kalug.lug.net/linux-admin-FAQ) led me to a list of list archives, which lead me to one with search features. Searching on "web password change" got me to a message that refers to:
ftp://win.co.nz/web-pwd
... I'm sure there are others out there.


Copyright © 1999, James T. Dennis
Published in The Linux Gazette Issue 36 January 1999


[ Answer Guy Index ] a b c 1 2 3 4 5 6 7 9 10 11 12
15 16 18 19 20 21 22 23 24 25 26 27 28
29 31 32 33 34 35 36 37 38 39 40 41 42 44
45 46 47 48 49 50 51 52 53 54 55 56 57 60 61 62 63 64 65 66
67 69 72 76 77 78 79 80 81 82 84 85 86 87 91 94 95 96 97 98


[ Table Of Contents ] [ Front Page ] [ Previous Section ] [ Next Section ]