X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fdocs%2Fpasswd.html;h=fc1dde9564f24fbfb50883d2a8acb726d2e4d690;hb=a1d1dc9edcb57c0295689203de577c670f947b60;hp=e5242c2005057e3fa8233e8ecca747a2b071f7b1;hpb=12a063fdd97054b7bfd412f3e77691fe3f497bbc;p=freeside.git
diff --git a/httemplate/docs/passwd.html b/httemplate/docs/passwd.html
index e5242c200..fc1dde956 100755
--- a/httemplate/docs/passwd.html
+++ b/httemplate/docs/passwd.html
@@ -3,14 +3,21 @@
fs_passwd
-You may use fs_passwd/fs_passwd as a "passwd", "chfn" and "chsh" replacement on your shell machine(s) to cause password, gecos and shell changes to update your freeside machine. This can pose a security risk if not configured correctly. Do not use this feature unless you understand what you are doing!
+You may use fs_passwd/fs_passwd as a "passwd", "chfn" and "chsh" replacement on your shell machine(s) to cause password, gecos and shell changes to update your freeside machine. You can also use the fs_passwd/fs_passwd.html and fs_passwd/fs_passwd.cgi to run a public password change CGI on a public web server. This can pose a security risk if not configured correctly. Do not use this feature unless you understand what you are doing!
Currently it is assumed that the the crypt(3) function in the C library is the same on the Freeside machine as on the target machine.
- - Create a freeside account on the shell machine(s).
-
- Append the identity.pub from the freeside user on your freeside machine to the authorized_keys file of the newly created freeside user on the shell machine(s).
+
- Create a freeside account on the shell or web machine(s).
+
- Setup SSH keys:
+
+ - As the freeside user (on your freeside machine), generate an authentication key using ssh-keygen. Since this is for unattended operation, use a blank passphrase.
+
- Append the newly-created
identity.pub
file to ~freeside
+/.ssh/authorized_keys
on the shell or web machine(s).
+ - Some new SSH v2 implementation accept v2 style keys only. Use the
-t
option to ssh-keygen, and append the created id_dsa.pub
or id_rsa.pub
to ~freeside/.ssh/authorized_keys2
on the remote machine(s).
+
+ - Copy fs_passwd/fs_passwdd to /usr/local/sbin on the shell or web machine(s). (chown freeside, chmod 500)
+
- Create /usr/local/freeside on the shell or web machine(s). (chown freeside, chmod 700)
+
- Run an iteration of "fs_passwd/fs_passwd_server user shell.machine" as the freeside user for each shell or web machine (this is a daemon process). user refers to a freeside user added by freeside-adduser.
- Copy fs_passwd/fs_passwd to /usr/local/bin on the shell machine(s). (chown freeside, chmod 4755). You may link it to passwd, chfn and chsh as well.
-
- Copy fs_passwd/fs_passwdd to /usr/local/sbin on the shell machine(s). (chown freeside, chmod 500)
-
- Create /usr/local/freeside on the shell machine(s). (chown freeside, chmod 700)
-
- Run an iteration of "fs_passwd/fs_passwd_server user shell.machine" as the freeside user for each shell machine (this is a daemon process). user refers to the freeside user from the mapsecrets configuration file.
+
- Copy fs_passwd/fs_passwd.cgi to the cgi-bin directory on your web machine(s). Use suEXEC or suidperl to run fs_passwd.cgi as the freeside user.