I'd like to give these users the ability to acquire a password.
Two ways are immediately apparent:
- Implement a mechanism which presents the user with a new machine-generated password, for example to their registered email address.
- Allow the user to run
passwdin a shell, but not require them to enter their existing password first (instead, rely on the fact that they are logged in to be sufficient authentication).
Dear Reader, can you think of other ways? Do you have any opinions on the wiseness/unwiseness of these approaches?