site chpass
Description
Changes the password assigned to a user account.
Syntax
site chpass [<user>] <password>
Detailed information on the options/arguments: <user>, <password>
<password> can be set to the following special values:
- {cert} - denotes that the account uses a certificate for authentication. The password supplied at login will be ignored and certificates will be used instead.
- % - any password will be accepted for logging in with the user account. Anyone can log in with the account; no password is needed.
<user> is optional and is only required if you're a group administrator wanting to change an account in your group (or if you're a site operator wanting to change any account on the server).
Limitations
- Site operators can use this command on any user while group administrators can use it only on their group members and themselves. Other users do not have permission to use this command on anyone but themselves.
- Using the wildcard % password is a potential security problem. Anyone can log in to the account with any password or none. It is in effect an anonymous account that anyone can use.
Password format and storage
Passwords are stored independently of the backend itself, for portability and to support extra features (for example, MySQL's internal password check method is not used, because that would prevent using certificates).
By default, the password is encrypted using standard Unix encryption, DES. You can change the format by adding a special sequence in front of the password:
- $1$ for MD5
- {SHA} for SHA1
- {pam} for PAM authentication
- {cert} for certificate authentication
- {kerberos} for Kerberos 5 authentication (experimental, and still in development)
Remember that MD5 is considered broken and that SHA1 should no longer be considered safe, so be careful where your passwords are stored and who can access them!
Examples
site chpass anonymous %
The user anonymous will be set to accept any password so that guests can log in to the server with this account.
site chpass wzdftpdrocks!
The password of the user issuing this command will be set to wzdftpdrocks!.
site chpass john {SHA}aAn4ASkE
The password for the user john will be set to aAn4ASkE. The password will be encrypted using SHA1 before storing it.
site chpass john {cert}
Certificates will be used for authentication of the user john instead of traditional passwords.
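The following audit helper is an added example, not part of wzdftpd: it parses `site chpass` lines (for instance from a provisioning script) and reports which format each `<password>` argument selects, using the special values and prefixes listed above. The function names, the risk labels and the whitespace-based parsing are assumptions made for this example.

```python
# Prefixes and special values come from this page; risk labels are assumptions.
PREFIXES = [
    ("{cert}", "certificate", "ok"),
    ("{pam}", "pam", "ok"),
    ("{kerberos}", "kerberos5", "experimental"),
    ("{SHA}", "sha1", "weak"),
    ("$1$", "md5", "weak"),
]

def classify_password(arg):
    """Return (scheme, risk) for one <password> argument."""
    if arg == "%":
        return ("wildcard", "critical")  # any password is accepted
    for prefix, scheme, risk in PREFIXES:
        if arg.startswith(prefix):
            return (scheme, risk)
    return ("des", "legacy")  # no prefix: the default DES format

def parse_chpass(line):
    """Split 'site chpass [<user>] <password>'; return (user, password) or None."""
    tokens = line.split()
    if len(tokens) not in (3, 4) or [t.lower() for t in tokens[:2]] != ["site", "chpass"]:
        return None
    user = tokens[2] if len(tokens) == 4 else None  # None = the issuing user
    return (user, tokens[-1])

def audit(lines):
    """Return (line_number, user, scheme, risk) for every entry not rated 'ok'."""
    findings = []
    for number, line in enumerate(lines, start=1):
        parsed = parse_chpass(line)
        if parsed is None:
            continue  # not a well-formed site chpass command
        scheme, risk = classify_password(parsed[1])
        if risk != "ok":
            findings.append((number, parsed[0], scheme, risk))
    return findings

# Constructed input: the page's own examples plus one made-up MD5 entry.
SAMPLE = [
    "site chpass anonymous %",
    "site chpass wzdftpdrocks!",
    "site chpass john {SHA}aAn4ASkE",
    "site chpass john {cert}",
    "site chpass alice $1$constructed",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
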
