Hi, On Friday 11 February 2005 09:37, Sven Luther wrote: > On Fri, Feb 11, 2005 at 07:21:53AM +0100, Christian Perrier wrote: > > > > BTW, I would also like to be able to preseed passwords to be > > > > disabled. Any opinions on that ? > > Indeed, after thinking about Holger's suggestion, I think he suggests > > that some passwords (mostly the newly created user) could be set to > > "disabled" just like one can do with the "--disabled-password" switch > > of adduser. Holger, am I correct? Yes, it's usefull for example if I wget an .ssh/authorized_keys file for the user. And I also would like to be able to disable root's password and preseed+use sudo instead. Or I might not want local passwords at all as I'm using (read: preseeding a valid configuration for) ldap or whatever. So I guess I'll file a wishlist bug :) > Well, since originally, there is a time period where there is *no* root > password, and everyone can login, i am not sure what this brings in term of > security. What do you mean, "originally" ? With preseeding (and those r00tme&insecure passwords) is there a time, where you can login without passwords ? Is it a local or a remote flaw ? Because that's why I don't like to disable the passwords with base-config/*_commands - it's not a workaround, it's introducing a security breach. regards, Holger
Attachment:
pgpquNGUeTK2U.pgp
Description: PGP signature