Our application runs on AIX and the users of the application do not have a way to land at the prompt/shell by any means. When they login to the box, the application opens up directly. I would like to know of a way to automate the password reset process for these user ids, without them having to call the support center. Any help/suggestion please.
It is simple to give them this capability. Just modify the application that runs as their login shell to given them an option to change their password.
If that isn't possible, create another login name (such as reset_pass ), set it up with no password or with a password that you give to all of your users, and set up the login shell for that user name to ask for their login name and then run the passwd utility with that login name as its operand. (Before you invoke passwd , just make sure that the login name given isn't the name used for this account.
Better would be that the application does not use OS credentials for identification and authentication - but would use it's own as part of the application.
If you are looking for SSO (Single-Sign-On) a separate application, probably LDAP based these days, could be used to modify passwords.
even with multiple sign-on (must sign on to each application), one of the applications could be designed for password reset, while all other applications would only use the interface to authenticate a user as valid for that application.
Hope this helps.