On 4/12/2010 11:23 PM, gm5729 wrote:
> If I'm understanding this correctly all your users are or have the
> ability to SSH to the box but have no shell.
No one is allowed to connect to the ssh daemon except me, but each user
does have a shell (see below). The idea is to let them change their
passwords without needing to access the ssh daemon.
> Is this some kind of
> storage mechanism for users? If it is only allow scp of all users and
> set /etc/passwd to /bin/false 
I set the users' shells to /bin/false and the result was that they
became unable to login via FTP, with the daemon returning 530 Login
incorrect. With their default shell set to /bin/bash, they are able to
login.
> If you do this then on the other end
> since Apache is already in place you can use the certs for your site
> to generate a https html pages for each user.
HTTPS is already set up and all pages are secure and require authentication.
> As far as password resets the places I worked had to call the help
> desk and they would reset it for the user and bill the ticket to the
> appropriate department. We had like 10-12 different applications, main
> frames and email to handle for these items.
I have root access, so I can reset passwords for the users. I want them
to have the ability to change their own passwords without my intervention.