I've seen several threads where people want to change their password via a script by interfacing with /bin/passwd. Since /bin/passwd talks to a TTY, this usually means resorting to using something like expect.

This is a short script using the Authen::PAM module that works with STDIN/STDOUT, and therefore could be wrapped in a script more easily.

If you run it setuid, and uncomment the ruid=euid bit, folks can change their password without supplying their current password. Careful with that.

Caveat Emptor.

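    #!/usr/bin/perl
    use strict;
    use warnings;

    # Sanitise the environment before anything else runs
    $ENV{'PATH'} = '/bin:/usr/bin';
    delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

    use Authen::PAM;

    my($user,$pamh,$ret,$error);

    # Look up the login name that belongs to the real uid
    if (!defined($user=getpwuid($<)) ) {
        die("Can't find user for uid $<\n");
    }

    ## THIS COULD OPEN UP UNWANTED BEHAVIOUR
    ## IF THIS SCRIPT IS RUNNING SETUID AND
    ## YOU UNCOMMENT IT.
    ## (if ruid == 0, then it won't prompt
    ## for the old password, just the new one)
    #$<=$>;
    #

    # No conversation function is passed, so Authen::PAM's default one
    # handles the prompts
    $pamh = new Authen::PAM("passwd", $user);

    # new() returns an error code instead of an object when PAM init fails
    if (!ref($pamh)) {
        die("PAM initialisation failed [code $pamh]\n");
    }

    $ret=pam_chauthtok($pamh);
    if ($ret != PAM_SUCCESS) {
        $error = pam_strerror($pamh, $ret);
        die("change password failed [$error]\n");
    }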
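
For wrapping this from another script, here is an added example (not part of the original post) that passes Authen::PAM a custom conversation function, so each prompt is answered with one line from STDIN and informational messages go to STDERR. The name stdin_conv is made up for this example, and the order of answers a caller has to supply (typically current password, new password, new password again) is an assumption that depends on the PAM stack configured for the "passwd" service.

```perl
#!/usr/bin/perl
# Added example: answer PAM's prompts from STDIN lines instead of a terminal.
# Secrets arrive on STDIN, not argv, so they never show up in a process list.
use strict;
use warnings;
use Authen::PAM;

$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

my $user = getpwuid($<);
defined($user) or die("Can't find user for uid $<\n");

# PAM hands the callback (type, message) pairs and expects (status, answer)
# pairs back, followed by one overall status code.
sub stdin_conv {    # hypothetical name, used only in this example
    my @res;
    my $status = PAM_SUCCESS();
    while (@_) {
        my ($type, $msg) = (shift, shift);
        my $ans = '';
        if ($type == PAM_PROMPT_ECHO_OFF() || $type == PAM_PROMPT_ECHO_ON()) {
            # One line of input per prompt, in the order the PAM stack asks
            my $line = <STDIN>;
            if (defined $line) { chomp($ans = $line); }
            else               { $status = PAM_CONV_ERR(); }  # input ran out
        } else {
            # PAM_ERROR_MSG / PAM_TEXT_INFO: keep STDOUT clean for the caller
            print STDERR "$msg\n";
        }
        push @res, (PAM_SUCCESS(), $ans);
    }
    return (@res, $status);
}

my $pamh = new Authen::PAM("passwd", $user, \&stdin_conv);
ref($pamh) or die("PAM initialisation failed [code $pamh]\n");

my $ret = pam_chauthtok($pamh);
if ($ret != PAM_SUCCESS()) {
    my $error = pam_strerror($pamh, $ret);
    die("change password failed [$error]\n");
}
print "password changed for $user\n";
```

The ruid=euid line is left out here on purpose: run without setuid, the PAM stack still asks for the current password, so a wrapper only works for a caller who already knows it.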