Answering all this gets a little complex; let's see how well I can do.

First, to clear this all up a little, this is not a web service.
The machine in question is running DG/UX; it's not one I administer or even really use. The system is one that no one has a shell account on other than a few admins. The users log in and are directed into a menu-based application (for healthcare).

I got involved over some security concerns on the system (I noticed it had open NFS shares) and started asking some basic security questions. There were several problems, notably that it's not using shadow passwords, and that the current method for resetting user passwords on the system is by logging in as "resetpassword" which then prompts you for the account to reset. The current "resetpassword" has no password. (insert loud bells and whistles going off here)

Shadow passwords was an easy one to convince them on; they turned them on, which broke their current "resetpassword" method.

So since I am the one who suggested all of this, I've been asked to provide a replacement for the process. I'm free to make it as "secure" as I want using my own devices. However, I don't even have shell access on the box, and I have next to no experience on DG/UX.

That said, I worked with them to a happy medium of keeping the resetpassword account, putting a password on it, and limiting what accounts it can reset. They absolutely will not give the root password out to those who need to reset passwords for users.

Sudo is a nice idea, and I'm familiar with it, but I don't see any indication it will even compile on DG/UX, and the administrator of the system is hesitant to try anything like that. (He's also about 1500 miles away, so communication is poor at best.) I do have a request in to him to look at it, but my expectations are low.

Apologies for the long post, but I'm very open to suggestions on how to go about this. My goal is to get this box secure, or at least as secure as I can.


In reply to Re: •Re: Re: •Re: Resetting passwords by Kraegar
in thread Resetting passwords by Kraegar
