PAM:如何更改别人的密码?
我必须调用什么 PAM 才能重置用户密码?我无法弄清楚。
背景:
我正在开发嵌入式 Linux 设备。客户安装此设备并创建用户帐户。如果其中一个辅助用户帐户被锁定,或者用户忘记了密码,我们需要一种方法,让用户 #1 可以重置用户 #2 的密码。我们向 PAM 的转换是新的,我现在正在转换到它。以下是我对用户进行身份验证的调用:
pam_start();
pam_authenticate();
pam_acct_mgmt();
pam_end();
我看到 pam_chauthtok() 用于更改我自己的密码,我不明白的是如果 - 或者如何? -- 我可以使用它或其他类似的调用来为另一个用户帐户分配新密码。
What PAM call do I have to make to reset a user's password? I cannot figure it out.
Background:
I'm working on an embedded linux device. Customers install this device, and create user accounts. If one of those secondary user accounts gets locked out, or if a user forgets their password, we need a way where user #1 can reset the password for user #2. Our conversion to PAM is new, I'm in the middle of switching over to it now. Here are the calls I make to authenticate users:
pam_start();
pam_authenticate();
pam_acct_mgmt();
pam_end();
I see pam_chauthtok() for changing my own password, what I don't understand is if -- or how? -- I can use it or another similar call to assign a new password to another user account.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
拥有单独用户的全部意义在于,他们无法执行诸如更改彼此密码之类的操作。为了使用 PAM 更改用户的密码,您需要成为该用户。最简单的方法是拥有一个 setuid-root 二进制文件,或者一个以 root 身份运行的守护进程,它调用 setuid 等来成为所需的用户,然后执行更改密码的操作。
当然,这会使您的整个系统面临很大的风险,特别是如果您还不太熟悉这些问题(从您的问题中可以清楚地看出),所以我会三思而行是否需要此功能,如果需要的话,是否应该聘请专家来处理。
The whole point of having separate users is that they cannot do things like change each other's password. In order to change a user's password with PAM, you need to become that user. The easiest way to do this is to have a setuid-root binary, or a daemon that runs as root, which calls
setuid, etc. to become the desired user then performs the operations to change password.Of course this exposes your entire system to a great deal of risk, especially if you're not already skilled in these matters (which is clear from your question), so I'd think twice about whether this feature is necessary, and if so, whether you should hire an expert to handle it.