On 4/12/2010 11:23 PM, gm5729 wrote: > If I'm understanding this correctly all your users are or have the > ability to SSH to the box but have no shell. No one is allowed to connect to the ssh daemon except me, but each user does have a shell (see below). The idea is to let them change their passwords without needing to access the ssh daemon. > Is this some kind of > storage mechanism for users? If it is only allow scp of all users and > set /etc/passwd to /bin/false I set the users' shells to /bin/false and the result was that they became unable to login via FTP, with the daemon returning 530 Login incorrect. With their default shell set to /bin/bash, they are able to login. > If you do this then on the other end > since Apache is already in place you can use the certs for your site > to generate a https html pages for each user. HTTPS is already set up and all pages are secure and require authentication. > As far as password resets the places I worked had to call the help > desk and they would reset it for the user and bill the ticket to the > appropriate department. We had like 10-12 different applications, main > frames and email to handle for these items. I have root access, so I can reset passwords for the users. I want them to have the ability to change their own passwords without my intervention.