fs_passwd
You may use fs_passwd/fs_passwd as a "passwd", "chfn" and "chsh" replacement on your shell machine(s) to cause password, gecos and shell changes to update your freeside machine. You can also use the fs_passwd/fs_passwd.html and fs_passwd/fs_passwd.cgi to run a public password change CGI on a public web server. This can pose a security risk if not configured correctly. Do not use this feature unless you understand what you are doing!
Currently it is assumed that the the crypt(3) function in the C library is the same on the Freeside machine as on the target machine.
- Create a freeside account on the shell or web machine(s).
- Setup SSH keys:
- As the freeside user (on your freeside machine), generate an authentication key using ssh-keygen. Since this is for unattended operation, use a blank passphrase.
- Append the newly-created
identity.pub file to ~root
/.ssh/authorized_keys on the shell or web machine(s).
- Some new SSH v2 implementation accept v2 style keys only. Use the
-t option to ssh-keygen, and append the created id_dsa.pub or id_rsa.pub to ~root/.ssh/authorized_keys2 on the remote machine(s).
- Copy fs_passwd/fs_passwdd to /usr/local/sbin on the shell or web machine(s). (chown freeside, chmod 500)
- Create /usr/local/freeside on the shell or web machine(s). (chown freeside, chmod 700)
- Run an iteration of "fs_passwd/fs_passwd_server user shell.machine" as the freeside user for each shell or web machine (this is a daemon process). user refers to the freeside user from the mapsecrets configuration file.
- Copy fs_passwd/fs_passwd to /usr/local/bin on the shell machine(s). (chown freeside, chmod 4755). You may link it to passwd, chfn and chsh as well.
- Copy fs_passwd/fs_passwd.cgi to the cgi-bin directory on your web machine(s). Use suEXEC or suidperl to run fs_passwd.cgi as the freeside user.