On Mon, Apr 12, 2010 at 10:57 PM, Andrew Berg <bahamutzero8825 at gmail.com> wrote:
> I need a simple web interface to let users change their passwords. I
> don't want them to have shell access since they wouldn't know how to use
> it (and it limits what an attacker can do if the account is
> compromised). Usermin doesn't always work right, and it seems to screw
> up passwords, making it impossible for users to log in via FTP (and
> probably other services like HTTP). I want it to be a simple interface
> to passwd (Usermin uses MD5 hashes for some reason and passwd uses
> SHA-512). I have Apache already set up (and users are authenticated
> using their system account credentials; no anonymous users are allowed),
> so it doesn't need its own webserver capabilities.

Why not just set their shell to a stub-shell that only allows them to
run the passwd command, or allows them to log out?

-Rob