On Tue, 13 Apr 2010, Andrew Berg wrote: > On 4/13/2010 2:03 PM, Mike Miller wrote: >> You could have it run the passwd program immediately after the user logs >> in. Then it exits. That's all it does. I don't know how you'd make a >> web interface do this. > > Someone suggested allowing ssh access and using /usr/bin/passwd as the > default shell off-list and it turns out not having /bin/false in > /etc/shells (I thought it was) was the reason users couldn't log in > before. I tried setting a test user's shell to /usr/bin/passwd and it > does exactly what you describe. The most damage an attacker could do > here is change the password of the compromised account. That's very cool. Good to know. I remember that there used to be a java applet that would do ssh -- called MindTerm -- but I guess it is proprietary. Is there any free software that could be used for this kind of thing and embedded in a web page? Mike