Detaching program from controlling terminal

Matthew Seaman m.seaman at infracaninophile.co.uk
Tue Jun 15 06:46:44 PDT 2004 

On Tue, Jun 15, 2004 at 09:16:02AM -0400, Mark Frank wrote:
> * On Tue, Jun 15, 2004 at 01:44:25PM +0800 Ihsan Junaidi Ibrahim wrote:
> > Hi all,
> > 
> > I'm somehow stuck in the loop now and am hoping some of you can give me 
> > pointers on how to proceed. Due to a customer requirement, I need to 
> > build a simple web-based (via cgi or php) script to change the system 
> > password. They found that sshing to the server and typing passwd to 
> > change the password is wee too involving hence the need to use a much 
> > friendlier interface. Letting the sysadmins change the user's password 
> > is not a good idea, as the sysadmins are outsourced and the users value 
> > their privacy. 
> 
> I'm sure I'm preaching to the choir here but what privacy do they think
> they are protecting since the sysadmins have root already?

The fact that sysadmins generally don't know users' passwords, and
have no practical means of finding them out if the user doesn't want
them to know what it is.  Passwords are stored as a checksum of the
plaintext+salt -- which operation can't be reversed easily (assuming
modern encryption techniques -- the original DES password system can
be brute-forced just about feasibly nowadays).

Since the sysadmin doesn't know what the users' password is on the
systems he admins, the user can safely use the same password on other
systems with different admins.

Now, the sysadmin can always modify the users' password on any system
they control, but they can't do that without letting the user know
they've done it.  And it would have to be an extremely thick user to
use a password generated by a third party on some other accounts.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040615/540e206a/attachment.bin

More information about the freebsd-questions mailing list