Hey All,
I've run into a slight problem with my lab computers. I have an account's ability to change password disabled, and the account is restricted to the applications in just the Applications folder. Unfortunately, Leopard doesn't seem to care if you run the application off your Desktop either. Or for that matter, if you copy an application from the Utilities folder to the user Desktop and run it there.
So, I have a potential problem that a clever student pointed out. Despite being unable to change password from the preference pane, a student could still change the password by copying the Terminal app from the Utilities folder to the Desktop, then running it, then using the passwd command. Apparently, Leopard doesn't prevent the passwd command, even on a managed account.
Any thoughts? Can I disable access to the passwd command, and for that matter, dscl?
Thanks,
-Rob