We have a script here that is used to change NIS+ passwords. There are still a few bugs in it, but the rules are:

1. Script is owned by root, and suid.
2. Use the -T (taint option).
3. This only runs on our intranet.
4. Use the -T (taint option).
5. Test, test and test again.
6. Use the -T (taint option).
7. When you think it works properly with no unwanted side effects, give it to your most troublesome "wanna be a programmer" to test.

If anyone is interested, email me at:
rayk@transport.nsw.gov.au
for a copy.

Ken