| author | ivan <ivan> | 2002-02-05 16:48:27 +0000 | 
|---|---|---|
| committer | ivan <ivan> | 2002-02-05 16:48:27 +0000 | 
| commit | 2093701338cf6d4531a33466cd64ad48bbf88856 (patch) | |
| tree | 12a94c70003e645a84d366c17662746c26332c4e /httemplate/docs/passwd.html | |
| parent | d7a54962112545979a1710f97dd5299fbd9c1aaf (diff) | |
web-based password changer!
Diffstat (limited to 'httemplate/docs/passwd.html')
| -rwxr-xr-x | httemplate/docs/passwd.html | 19 | 
1 files changed, 13 insertions, 6 deletions
| diff --git a/httemplate/docs/passwd.html b/httemplate/docs/passwd.html index e5242c200..c4d91480c 100755 --- a/httemplate/docs/passwd.html +++ b/httemplate/docs/passwd.html 
@@ -3,14 +3,21 @@  </head>  <body>    <h1>fs_passwd</h1> -You may use fs_passwd/fs_passwd as a "passwd", "chfn" and "chsh" replacement on your shell machine(s) to cause password, gecos and shell changes to update your freeside machine.  This can pose a security risk if not configured correctly.  <b>Do not use this feature unless you understand what you are doing!</b> +You may use fs_passwd/fs_passwd as a "passwd", "chfn" and "chsh" replacement on your shell machine(s) to cause password, gecos and shell changes to update your freeside machine.  You can also use the fs_passwd/fs_passwd.html and fs_passwd/fs_passwd.cgi to run a public password change CGI on a public web server.  This can pose a security risk if not configured correctly.  <b>Do not use this feature unless you understand what you are doing!</b>  <br><br>Currently it is assumed that the the crypt(3) function in the C library is the same on the Freeside machine as on the target machine.  <ul> -  <li>Create a freeside account on the shell machine(s). -  <li>Append the identity.pub from the freeside user on your freeside machine to the authorized_keys file of the newly created freeside user on the shell machine(s). +  <li>Create a freeside account on the shell or web machine(s). +  <li>Setup SSH keys: +    <ul> +      <li>As the freeside user (on your freeside machine), generate an authentication key using <a href="http://www.tac.eu.org/cgi-bin/man-cgi?ssh-keygen+1">ssh-keygen</a>.  Since this is for unattended operation, use a blank passphrase. +      <li>Append the newly-created <code>identity.pub</code> file to <code>~root +/.ssh/authorized_keys</code> on the shell or web machine(s). +      <li>Some new SSH v2 implementation accept v2 style keys only.  Use the <code>-t</code> option to <a href="http://www.tac.eu.org/cgi-bin/man-cgi?ssh-keygen+1">ssh-keygen</a>, and append the created <code>id_dsa.pub</code> or <code>id_rsa.pub</code> to <code>~root/.ssh/authorized_keys2</code> on the remote machine(s). 
+    </ul> +  <li>Copy fs_passwd/fs_passwdd to /usr/local/sbin on the shell or web machine(s).  (chown freeside, chmod 500) +  <li>Create /usr/local/freeside on the shell or web machine(s). (chown freeside, chmod 700) +  <li>Run an iteration of "fs_passwd/fs_passwd_server <i>user</i> shell.machine" as the freeside user for each shell or web machine (this is a daemon process).  <i>user</i> refers to the freeside user from the <a href="config.html">mapsecrets configuration file</a>.    <li>Copy fs_passwd/fs_passwd to /usr/local/bin on the shell machine(s).  (chown freeside, chmod 4755).  You may link it to passwd, chfn and chsh as well. -  <li>Copy fs_passwd/fs_passwdd to /usr/local/sbin on the shell machine(s).  (chown freeside, chmod 500) -  <li>Create /usr/local/freeside on the shell machine(s). (chown freeside, chmod 700) -  <li>Run an iteration of "fs_passwd/fs_passwd_server <i>user</i> shell.machine" as the freeside user for each shell machine (this is a daemon process).  <i>user</i> refers to the freeside user from the <a href="config.html">mapsecrets configuration file</a>. +  <li>Copy fs_passwd/fs_passwd.cgi to the cgi-bin directory on your web machine(s).  Use <a href="http://www.apache.org/docs/suexec.html">suEXEC</a> or <a href="http://www.perldoc.com/perl5.6.1/pod/perlsec.html">suidperl</a> to run fs_passwd.cgi as the freeside user.  </ul>  </body> | 
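Review bot: The second item of the new "Setup SSH keys" sub-list appends the passphrase-less key to `~root/.ssh/authorized_keys`, while the line it replaces used the authorized_keys file of the freeside user on the shell machine. That turns an unattended key into root access on every shell and web machine, including the public web server the new intro mentions. The surrounding steps still create a freeside account and install fs_passwdd owned by freeside (chmod 500), so either keep the key on that account or state why root is required. If root stays, the docs should tell the admin to restrict the entry in authorized_keys, for example with `command="..."` and `from="..."` options, so the key can only start the intended program from the freeside machine. The same applies to the `authorized_keys2` item. Minor: "Some new SSH v2 implementation accept" should read "implementations accept", and "Setup SSH keys" should be "Set up SSH keys".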
