Re: More secure 'passwd' module?

[Scott M. <sco...@ya...>]

Actually, found the problem.

In save_passwd.cgi, the section
if ($config{'passwd_cmd'}) {

is missing something.  After the 
@user || &error($text{'passwd_euser'});

it should have the line
&can_edit_passwd(\@user) || 
              &error($text{'passwd_ecannot'});

This would be consistent with the else clause and the
previous modules.  

Also, if the original 'index.cgi' called
can_edit_passwd, that would be a little more
consistent.

For me, I added the following changes:
1) Only allow normal and expired passwords to be
reset. (Expires is the password set to '*expired*' for
me).  This allows you to keep peeps form giving a
password to a system account
2) Disallow password to be changed for UID <=100
This was done (hopefully correctly) by doing the
following in can_edit_passwd:

if ($_[0]->[2]<=100 || $_[0]->[1] =~ 'NP' ||
      
(($_[0]->[1]=~/^[*]+.*$/)&&($_[0]->[1]!~/\*expired\*/)))
{
       return 0;
}


--- Jamie Cameron <jca...@we...> wrote:

> You can configure some of those access controls
> already in the password change module, by going into
> the Webmin Users module and clicking on 'Change
> Passwords'
> next to the name of a user. If there are any access
> control restrictions that you would like that are
> currently missing, tell me and it should be possible
> to add them.


__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com