We needed something that would allow users to change their passwords from a number of different environments. Among them:
To meet these requirements a client/server system was decided upon. Our current environment has SunOS 4.1.3 running NIS as a master, which propagates changes to the NIS+ environment via crontab on the NIS+ master; the server process was therefore placed on a 4.1.3 machine. Originally it was developed to allow users on PCs to change their passwords on the Sun so that they could log into the PC with PC-NFS. However, it quickly became apparent that a more general implementation was easily achieved, and a UNIX client program was written that mimics the standard Sun passwd (yppasswd) in look and feel.
To protect the passwords as they go across the network, a simple hashing mechanism was devised: the password is hashed with a series of bytes that is shared by the client and server processes and that is rotated according to the length of the input string. This was developed to prevent casual sniffing. That, together with the fact that it looks just like another TCP service on some non-well-known port, gave us a feeling of more security. Future plans are to replace that hash with a public key crypto system of some kind, probably RSA. The program was designed so that any hashing mechanism can be used as long as the client and server agree on what it is; the hashing code is kept in a separate file from both the client and the server.
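The following is an added illustration of the masking step described above; it is not the project's own hashing file. The page does not say how the password and the shared byte series are combined, so the example assumes XOR and assumes the series is rotated by the input length modulo the series length; the byte series itself is constructed for the example. It models both sides of the exchange and one property worth knowing when judging the "casual sniffing" claim: the masking stream is fixed for a given length and is shared, not negotiated per session.

```python
"""Model of the shared-byte password masking described in the text.

Added example, not the project's code.  Assumptions not stated on the page:
the combining step is XOR, and the shared byte series is rotated by
(len(password) mod len(series)) before use.  The series below is constructed.
"""

# Constructed shared secret; in the real system both client and server would
# compile in the same series from the separate hashing source file.
SHARED_SERIES = bytes.fromhex("3a7f19c4e2558db06c01f7aa42d9")


def rotated_series(length: int) -> bytes:
    """Rotate the shared series by an offset derived from the input length."""
    offset = length % len(SHARED_SERIES)
    return SHARED_SERIES[offset:] + SHARED_SERIES[:offset]


def mask(data: bytes) -> bytes:
    """XOR data against the length-rotated series (assumed mechanism)."""
    series = rotated_series(len(data))
    return bytes(b ^ series[i % len(series)] for i, b in enumerate(data))


def client_encode(password: str) -> bytes:
    """What the client would place on the wire."""
    return mask(password.encode("utf-8"))


def server_decode(wire: bytes) -> str:
    """XOR is its own inverse, so the server applies the same mask to recover it."""
    return mask(wire).decode("utf-8")


def mask_depends_only_on_length(pw_a: str, pw_b: str) -> bool:
    """True when two passwords were masked with the identical byte stream.

    Equal-length inputs always are, because the stream is derived solely from
    the length and the shared series; that is why the scheme only resists
    casual sniffing and is slated for replacement by public-key crypto.
    """
    a, b = pw_a.encode("utf-8"), pw_b.encode("utf-8")
    if len(a) != len(b):
        return False
    stream_a = bytes(x ^ y for x, y in zip(a, client_encode(pw_a)))
    stream_b = bytes(x ^ y for x, y in zip(b, client_encode(pw_b)))
    return stream_a == stream_b


if __name__ == "__main__":
    wire = client_encode("hunter2")
    print("on the wire:", wire.hex())
    print("server sees:", server_decode(wire))
```

Run it directly to see the masked bytes and the round trip. Because `mask` is an involution, swapping in a different combining function only requires that both sides link the same replacement, which matches the page's design of keeping the hashing code in its own file.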
Having a client/server password program put us in the unique position of being able to enforce good password practices on our user community. To this end, several safeguards are built into the server.
To get a copy of the password program or send comments fill out this form.