Petros writes:
Unrelated, I looked for a password changer myself yesterday, for a LDAP backend, and found http://www.symfony-project.org/plugins/upSimpleLdapPlugin
I wrote the below to deal with Windows Home users. $ cat /var/www/pwreset.html <!-- THIS DOES NOT EVEN TRY TO BE SECURE. DO NOT EXPOSE THIS TO MALICIOUS NETWORKS. --> <!-- THIS KLUDGE IS ONLY UNTIL DOMAIN LOGINS ARE ENABLED. IT IS NOT PERMANENT. --> <html><body><form action=/cgi-bin/pwreset method=post> Username: <input name=u type=text /><br> Old password: <input name=o type=password><br> New password: <input name=n type=password><br> <input type=submit> </form></body></html> $ cat /usr/lib/cgi-bin/pwreset #!/bin/bash # This is a CGI script that expects input on stdin (i.e. POST, not GET). # THIS DOES NOT EVEN TRY TO BE SECURE. DO NOT EXPOSE THIS TO MALICIOUS NETWORKS. # THIS KLUDGE IS ONLY UNTIL DOMAIN LOGINS ARE ENABLED. IT IS NOT PERMANENT. set -eEu set -o pipefail trap "echo PASSWORD NOT CHANGED" ERR printf 'Content-Type: text/plain\n\n' exec 2> >(logger -t pwreset) d="$(cat)" u="$(grep -Eo 'u=[^=&]+' <<<"$d" | cut -c3-)" o="$(grep -Eo 'o=[^=&]+' <<<"$d" | cut -c3-)" n="$(grep -Eo 'n=[^=&]+' <<<"$d" | cut -c3-)" ## This would only set the NIS schema, not the Samba schema, and thus is no good. #ldappasswd -D "uid=$u,ou=people,o=Frobozz" -w "$o" -s "$n" ## Therefore instead we set the password via samba. smbpasswd -r piserver1 -U "$u" -s <<< "$o $n $n" echo PASSWORD CHANGED