harishnuti has asked for the wisdom of the Perl Monks concerning the following question:


Hello Monks, i have done lot of googling on how to change AIX user password using Perl, i havent got enough information, so thought of asking here
i have a web application written in JSP for which users login using their current AIX password, i need to give users flexibility of changing password from Web interface rather going into AIX server and changing using "passwd".
iam not really proficient in JSP , thought of doing it in perl and call this from java.
i would like to know below.


* Is it possible in perl ?
* if yes, do i need to install any CPAN modules?


using shell script, i guess "expect" command would do the job, but iam not looking to use shell script here.
Any brief idea or sample script would help me.
Thanks in advance
  • Comment on passwd change in AIX with perl, is it possible?

Replies are listed 'Best First'.
Re: passwd change in AIX with perl, is it possible?
by DrHyde (Prior) on Oct 20, 2008 at 10:04 UTC

    You want Expect. However, if you're using that to control the passwd command, don't forget that it will need to already be running as the user whose password you want to change. If your web server runs JSPs (and hence your perl program which gets called from a JSP) as a user like nobody or somesuch, then you're stuffed. The only user that can change someone elses password is root, and you *really* don't want to run your web server as root, and should be very careful indeed about running setuid root programs from a web server.

    Even if you are confident that your perl code is secure, you still need to be careful, because often when root is changing a password he isn't subject to any restrictions like making sure the password isn't a dictionary word.

[reply]
[d/l]
[select]
Re: passwd change in AIX with perl, is it possible?
by sflitman (Hermit) on Oct 20, 2008 at 05:48 UTC
    You want to be very careful as this could be a big security breach. Do you really want to change password for command line access? If you want to do something like password-protect a web folder, then you want the CPAN module Apache::Htpasswd.

    SSF

[reply]
Re: passwd change in AIX with perl, is it possible?
by chrism01 (Friar) on Oct 20, 2008 at 06:08 UTC
[reply]

Back to Seekers of Perl Wisdom