We sub out our tech support. I can (intend to) have them use ssh, but I
don't want them poking around on the Linux boxes. Just need them to be able
to check passwords and userid's. What your presumed was correct. A shell
account that could only check login's. Probably not the most elegant - but
who's got time for pretty these days - not me.
My concern is, is the shell I mention reasonably secure - that is, can they
shell out, break out, etc? Not to much concern here, after all they are one
of our own - sort of.
Thanks again,
Scott
-----Original Message-----
From: David Taylor <[EMAIL PROTECTED]>
To: scott.list <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Sunday, November 28, 1999 9:16 PM
Subject: Re: shell=false [more]
>"scott.list" wrote:
>>
>> PERFECT. Thanks a lot.
>
>You're welcome.
>
>> Hopefully not to seem greedy but since I don't know perl or expect, Do
you
>> know a way I could "wrap this up" in a restricted shell so that say a low
>> level support person could log on, and this script would prompt for a
>> username/password to check, and loop until "exit". Something they
couldn't
>> break out of? I do know shell programming. I know how to pass
parameters
>> to your scripts (I think). Would it be secure for me to just write a
script
>> and assign it as a shell?
>
>Hmmm. I'm not sure exactly what you want. Do you want to create an
>account and use that account for checking usernames & passwords? If so,
>I'd say you want to write a script and make that the default shell for
>the user account (their last field in /etc/passwd). The script could
>then repeatedly prompt for username & password pairs after login.
>
>Perhaps someone else on the list can suggest a better solution than
>hobbling a user account?
>
>ps. You'd be sending usernames and passwords as plaintext unless
>through an ssh session.
>
>--
>David
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
