On 4/13/2010 2:03 PM, Mike Miller wrote:
> You could have it run the passwd program immediately after the user logs
> in. Then it exits. That's all it does. I don't know how you'd make a
> web interface do this.

Someone suggested allowing ssh access and using /usr/bin/passwd as the default shell off-list, and it turns out not having /bin/false in /etc/shells (I thought it was) was the reason users couldn't log in before. I tried setting a test user's shell to /usr/bin/passwd and it does exactly what you describe. The most damage an attacker could do here is change the password of the compromised account.
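An added check for the setup described in this thread (example script, not code from the list posters): before assigning a login shell such as /usr/bin/passwd, confirm the path is executable and listed in the shells file, since a shell missing from /etc/shells is exactly what blocked logins here. The shells file path is a parameter so the check can run against a constructed sample rather than the real /etc/shells.

```shell
#!/bin/sh
# shell_allowed SHELLS_FILE SHELL
#   returns 0 if SHELL is executable and listed in SHELLS_FILE
#   returns 1 if SHELL is executable but not listed (login would be refused)
#   returns 2 if SHELL is not executable at all
shell_allowed() {
    shells_file="$1"
    shell="$2"
    [ -x "$shell" ] || return 2
    # exact whole-line match, so /bin/false does not match /bin/falsehood
    grep -qxF "$shell" "$shells_file"
}

# Constructed sample shells files (assumption: /bin/sh exists on the host).
LISTED_SHELLS="$(mktemp)"
printf '%s\n' /bin/sh /bin/bash /usr/bin/passwd > "$LISTED_SHELLS"
UNLISTED_SHELLS="$(mktemp)"
printf '%s\n' /usr/bin/passwd > "$UNLISTED_SHELLS"

# Usage pattern for the thread's setup (left as a comment; needs root):
#   shell_allowed /etc/shells /usr/bin/passwd && usermod -s /usr/bin/passwd testuser

if shell_allowed "$LISTED_SHELLS" /bin/sh; then
    echo "/bin/sh is listed and executable"
fi
shell_allowed "$UNLISTED_SHELLS" /bin/sh || echo "/bin/sh not listed (rc=$?)"
```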