Tim Alberts <talberts <at> msiscales.com> writes: > > I'm running apache on a FC3 linux box. I'm trying to make user password > control more available. I know the passwd command to change user > passwords. My question is, if a user enters a password and they forget > it, how can they get the password back out of the system without just > re-entering a new one? > > Specifically, I'm using Linux-PAM with shadow passwords. I don't want > to give users root access. I'm really trying to create a cgi/bash > script that a user can enter their email address and it will email them > there password. Seems like a simple thing to do, but I haven't seen a > command to retreive a current user password from Linux-PAM/shadow > passwords. I could use a MySQL database to keep track of this stuff, > but I prefer to use the security that Linux already provides. Plus, > then I've got plain text passwords in a database or even if I encrypted > them in the database, I have the passwords in two places and then > there's the risk of them getting out of sink (however small a risk). > IMHO it's never a good idea to dual post passwords. The passwd/shadow scenario is a single pass one way encryption -- don't know of anyone that's cracked one yet!!! In my world if someone forgets the password, root resets and the user runs the passwd command. New password!!!! Period!!!! If you don't want root to have to intervene you may try to run a "sudo passwd one time only script" that allows the user to reset their own password, but it should be done with the option to "change on first log in" and when the script is finished the user is not left in root....... Just my two pennies..... cheers goose