Re: [Jailkit-users] Change Password

[Olivier Sessink]

Scott Ruckh wrote:
> How can you enable having users being able to change their passwords?
> 
> I copied passwd to chroot'd bin directory.  Copied over shared libraries
> listed from doing ldd on passwd command.

that will not work, passwords are stored in /etc/shadow, *outside* your
jail. So the password utility cannot access that file.

Issue 2 is that the passwd utility is setuid root, which is undesirable
in a jail.

b.t.w.: instead of ldd you could have used jk_cp to automatically copy
the shared libraries

John Gallagher recently suggested this:
-----------
The best way may be to have them create RSA Key pairs and not use
standard passwords.  The key pair would never expire and they could
control it.  I guess the key pair could be copied from another system so
we would not need to chroot openssl.
-----------

for more info see for example

http://www.zettai.net/Support/Howto/sshKeyHowto
http://sial.org/howto/openssh/publickey-auth/

regards,
        Olivier Sessink