Changing passwords - revisited

You are a quite busy admin. The systems are well kept and everything is working fine. However, many people work on your system, and inevitably some of them forget their passwords. You have a trusted person in operations whom you have known for ages and who could do this job for you. However, you don’t want to give her root privileges, so she can plausibly deny that she could implement any quick change on the system while you are on vacation.

Warning! This privilege has to be delegated with the greatest care and caution, as this user can change the passwords of all users; in this regard the user is equivalent to root.

With Solaris it’s quite easy to delegate the privilege of changing other people’s passwords. You have to give the user the authorizations solaris.passwd.assign and solaris.passwd.nocheck.

# usermod -A +solaris.passwd.assign oldadm
# usermod -A +solaris.passwd.nocheck oldadm

Let’s try it:

oldadm@solaris:~$ passwd guru
New Password:
Re-enter new Password:
passwd: password successfully changed for guru
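
Because this delegation is root-equivalent for passwords, it is worth auditing who holds it. The following is an added example, not part of the original post: it scans a file in user_attr format for accounts that are directly assigned either authorization, including wildcard grants. It assumes local files (/etc/user_attr) and does not resolve authorizations inherited through rights profiles; the account name helpdesk is made up.

```sh
#!/bin/sh
# Added example: report accounts whose user_attr entry directly grants
# solaris.passwd.assign or solaris.passwd.nocheck (exactly or by wildcard).
# Authorizations inherited through rights profiles are NOT resolved here.

audit_passwd_auths() {
    # $1: file in user_attr format, user:qualifier:res1:res2:attr
    awk -F: '
    BEGIN { want[1] = "solaris.passwd.assign"; want[2] = "solaris.passwd.nocheck" }
    # True if a granted authorization covers the wanted one; a trailing "*"
    # (solaris.passwd.* or solaris.*) covers everything below its prefix.
    function covers(granted, wanted,    prefix) {
        if (granted == wanted) return 1
        if (granted ~ /\*$/) {
            prefix = substr(granted, 1, length(granted) - 1)
            return index(wanted, prefix) == 1
        }
        return 0
    }
    /^#/ || NF < 5 { next }
    {
        hit = ""
        n = split($5, attrs, ";")
        for (i = 1; i <= n; i++) {
            if (attrs[i] !~ /^auths=/) continue
            m = split(substr(attrs[i], 7), auths, ",")
            for (j = 1; j <= m; j++)
                for (k = 1; k <= 2; k++)
                    if (covers(auths[j], want[k]) && index(hit, want[k]) == 0)
                        hit = (hit == "" ? "" : hit ",") want[k]
        }
        if (hit != "") print $1 ": " hit
    }' "${1:-/etc/user_attr}"
}

# Constructed sample entries, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed user_attr sample
oldadm::::auths=solaris.passwd.assign,solaris.passwd.nocheck
helpdesk::::type=normal;auths=solaris.passwd.*
guru::::profiles=Basic Solaris User
EOF
audit_passwd_auths "$sample"
rm -f "$sample"
```

On a live system, auths oldadm prints the effective authorizations of the account, including those that come from profiles.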