mchp.pl - Meta-Change Password system
This system includes two chunks: mchp.pl (the client side) and schpd.pl (the server side),
both written in Perl. Some of the things they do are pretty specific to our site, but their
ability to synchronize SMB and Unix passwords may be of use to others. Please note that
there are likely serious security concerns with using this -- be careful!
These work fine under Solaris 2.6 and SunOS 4.1.x using Perl 5.004_04; no other configurations
have been tried, nor will they be.
Our NIS (formerly YP) setup is pretty integral to some of the workings, but it shouldn't be too
much of a job to pull that out or change it as necessary.
I'm really just posting this for others' convenience,
so no further development is contemplated. Please do let me know if you find them useful.
I can be reached at aperrin@demog.berkeley.edu.
A tiny bit of documentation:
- /etc/schpd.allow and /etc/schpd.deny work as you might expect them to, containing the IP
addresses or ranges that should be allowed or denied to connect to the server. Make this
as restrictive as is useful to you. The only range syntax supported is *; e.g., 1.1.1.* will
allow any IP address whose first three octets are 1's. If neither file exists, any
host may connect. Localhost (127.0.0.1) may always connect.
- Hosts that are disallowed are disconnected before they're able to send anything on the
socket, to avoid the potential for overflow-style problems.
- Both programs have a little built-in documentation if you start them with the
-h option; they just print a "usage" line. Also, if you use the -d option you
get debugging information as the system runs -- this can be a little disorienting
but useful.
- This system tries to update a passwd file and an smbpasswd file based on information it
gets from the client -- it's very trusting. Beware!
- The following are required:
    - Perl
    - Expect
    - A /bin/passwd program that behaves exactly like Solaris's.
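
The allow/deny rules described above, as a small Perl sketch (an added example, not code from schpd.pl). It assumes each * stands for exactly one octet, that a deny entry overrides an allow entry, and that when an allow file exists unlisted hosts are refused; the page does not spell these out. The pattern lists and addresses are constructed.

```perl
#!/usr/bin/perl
# Added example, not schpd.pl's own code. Pattern lists below are constructed.
use strict;
use warnings;

# Compile "1.1.1.*" into an anchored regex: dots are literal and each "*" is
# one octet (assumption), so "1.1.1.*" cannot match "11.1.1.5".
sub pattern_to_regex {
    my ($pattern) = @_;
    my @octets = split /\./, $pattern, -1;
    return unless @octets == 4;
    my @parts;
    for my $o (@octets) {
        if    ($o eq '*')                        { push @parts, '\d{1,3}' }
        elsif ($o =~ /^\d{1,3}\z/ && $o <= 255)  { push @parts, $o }
        else                                     { return }
    }
    my $re = join '\.', @parts;
    return qr/^$re\z/;
}

sub matches {
    my ($ip, $patterns) = @_;
    for my $p (@$patterns) {
        my $re = pattern_to_regex($p) or next;    # ignore malformed entries
        return 1 if $ip =~ $re;
    }
    return 0;
}

# $allow / $deny: array refs of patterns, or undef when the file does not exist.
sub host_allowed {
    my ($ip, $allow, $deny) = @_;
    return 1 if $ip eq '127.0.0.1';                  # localhost may always connect
    return 1 if !defined $allow && !defined $deny;   # neither file: any host
    return 0 if $deny && matches($ip, $deny);        # assumption: deny wins
    return matches($ip, $allow) if $allow;           # assumption: must be listed
    return 1;                                        # deny file only, not listed
}

# In a server this check runs on the peer address right after accept(), and a
# refused socket is closed before anything is read from it.
my @allow = ('1.1.1.*', '192.0.2.10');
my @deny  = ('1.1.1.66');
for my $ip (qw(127.0.0.1 1.1.1.5 1.1.1.66 11.1.1.5 192.0.2.10 192.0.2.11)) {
    printf "%-12s %s\n", $ip,
        host_allowed($ip, \@allow, \@deny) ? 'accept' : 'close before reading';
}
```

Escaping the dots and anchoring both ends is what keeps a pattern from matching more addresses than intended when it is used as a regular expression.
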
The files themselves:
mchp.pl - Client side
schpd.pl - Server side