LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-14-2011, 02:29 PM   #1
roopakl
Member
 
Registered: Sep 2011
Posts: 92

Rep: Reputation: Disabled
Enabling users to change their htpasswd password


Sir,
I gone through
"http://stackoverflow.com/questions/4736413/apache-htpasswd-secure-password-change/7421052#7421052" link. It is confusing, So could anybody please clarify these below doubts
1) # ls -la .htpasswd -rw-r--r-- 1 www-data root 18 10. Mai 16:30 .htpasswd
For above file, should we create it under /var/www in the webserver? and this file is nothing but the same in which we are copying that bash shell script. isn't it?

2) # cat .ssh/authorized_keys
command="/var/www/.htpasswd.sh" ssh-rsa AAAA... user@host
The 2nd one is not clear. Should we do this in the web server or in every client machine. Could you please show me with some example. Because I copied as it is but it is not working. what about "AAAA... user@host", should we type AAAA... also and user@host means who and which. I added as "roopa@192.168.0.3"(which is the client PC username and IP address) in .ssh/authorized_keys under root's home directory of the web server, and ran "ssh apache@localhost" and ran "ssh apche@(webserverIP) from the client machine. I got connection refused error for 1st one, asking apache password for 2nd one. I gave username as apache because I am running centos(web server) and home dirctory of apache is /var/www. So I could not understand and I request you to explain with full details.

3) As per script I saw mkpasswd. I ran in both ubuntu & cent OS as "whereis mkpasswd". I neither found the path in cent OS nor in ubuntu. Is it additional package and should it be installed before doing these all things?
I request you all to clarify the above doubts or post some url links which gives step by step information to enable users to change their htpasswd password.
I will be waiting for your kind reply.
 
Old 09-22-2011, 05:09 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,332
Blog Entries: 55

Rep: Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533
Quote:
Originally Posted by roopakl View Post
# ls -la .htpasswd -rw-r--r-- 1 www-data root 18 10. Mai 16:30 .htpasswd
For above file, should we create it under /var/www in the webserver?
Correct.


Quote:
Originally Posted by roopakl View Post
and this file is nothing but the same in which we are copying that bash shell script. isn't it?
No. The shell script in the post is "/var/www/.htpasswd.sh" but I would advice you to place it as /usr/local/bin/htpasswd.sh instead.


Quote:
Originally Posted by roopakl View Post
# cat .ssh/authorized_keys
command="/var/www/.htpasswd.sh" ssh-rsa AAAA... user@host
The 2nd one is not clear. Should we do this in the web server or in every client machine. Could you please show me with some example. Because I copied as it is but it is not working. what about "AAAA... user@host", should we type AAAA... also and user@host means who and which. I added as "roopa@192.168.0.3"(which is the client PC username and IP address) in .ssh/authorized_keys under root's home directory of the web server, and ran "ssh apache@localhost" and ran "ssh apche@(webserverIP) from the client machine. I got connection refused error for 1st one, asking apache password for 2nd one. I gave username as apache because I am running centos(web server) and home dirctory of apache is /var/www. So I could not understand and I request you to explain with full details.
* First of all you do not use root to SSH into the machine! If you do that currently, correct that mistake before doing anything else: create an unprivileged user, set it up to use 'sudo', then reconfigure /etc/ssh/sshd_config to deny root access.
** Secondly they talk about adding accounts for unprivileged users to the web server user. I would advice against that as the Apache web server user should not be allowed a functional shell and SSH access. Instead set up sudo for any unprivileged user to execute '/usr/local/bin/htpasswd.sh' as user httpd (or user www-data, www or apache depending on your distro). You set the command="/usr/bin/sudo -u httpd /usr/local/bin/htpasswd.sh" part in each unprivileged users account on the server. So for example for user "unspawn" open up /home/unspawn/.ssh/authorized_keys and find the key
Code:
ssh-rsa AAAAa6e1243e5889285e9c64e01fc1a55d86f0e5f8feb0baa2a51913efa76dad49e19A= unspawn@loopback.internic.ca
and change it to
Code:
command="/usr/bin/sudo -u httpd /usr/local/bin/htpasswd.sh" ssh-rsa AAAAa6e1243e5889285e9c64e01fc1a55d86f0e5f8feb0baa2a51913efa76dad49e19A= unspawn@loopback.internic.ca
. That also explains the ""AAAA... user@host"" part (it's the SSH key). Note when adding the command this key can not be used for anything else anymore.


Quote:
Originally Posted by roopakl View Post
As per script I saw mkpasswd. I ran in both ubuntu & cent OS as "whereis mkpasswd". I neither found the path in cent OS nor in ubuntu. Is it additional package and should it be installed before doing these all things?
mkpasswd is in the "expect" package.
 
Old 09-22-2011, 05:28 PM   #3
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
You might also want to look into Usermin for this purpose. The "Custom Commands" module may fit the bill (i.e. point it to a script which accepts a password argument).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Let users to change password when locked-out noir911 Linux - Server 5 03-11-2011 04:29 PM
[SOLVED] How can the non-root users change their password if....... challavijay Linux - Newbie 3 07-31-2010 03:55 PM
Avoid users to change password sinchan_ Linux - General 10 10-21-2009 03:48 PM
Help in LDAP; Users can change their password ashwintumma Linux - Software 1 08-22-2009 11:24 AM
Best way for users to change/recover password psychobyte Linux - Networking 1 01-18-2006 01:58 AM


All times are GMT -5. The time now is 01:09 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration