Re: disabling passwords with preseeding (was Re: passwd asked just one time)
Hi folks,
I would like to how can d-i (perhaps using preseed) make a sudo user,
and disable 'root' user, like Ubuntu does.
Ubuntu developers said (or I read something like that) it's more secure
to not create a 'root' user, and use 'sudoers'.
Thanks and regards,
Dooteo
On or., 2005-02-11 at 14:55 +0100, Holger Levsen wrote:
> Hi,
>
> On Friday 11 February 2005 09:37, Sven Luther wrote:
> > On Fri, Feb 11, 2005 at 07:21:53AM +0100, Christian Perrier wrote:
> > > > > BTW, I would also like to be able to preseed passwords to be
> > > > > disabled. Any opinions on that ?
> > > Indeed, after thinking about Holger's suggestion, I think he suggests
> > > that some passwords (mostly the newly created user) could be set to
> > > "disabled" just like one can do with the "--disabled-password" switch
> > > of adduser. Holger, am I correct?
>
> Yes, it's usefull for example if I wget an .ssh/authorized_keys file for the
> user. And I also would like to be able to disable root's password and
> preseed+use sudo instead.
>
> Or I might not want local passwords at all as I'm using (read: preseeding a
> valid configuration for) ldap or whatever.
>
> So I guess I'll file a wishlist bug :)
>
> > Well, since originally, there is a time period where there is *no* root
> > password, and everyone can login, i am not sure what this brings in term of
> > security.
>
> What do you mean, "originally" ? With preseeding (and those r00tme&insecure
> passwords) is there a time, where you can login without passwords ? Is it a
> local or a remote flaw ?
>
> Because that's why I don't like to disable the passwords with
> base-config/*_commands - it's not a workaround, it's introducing a security
> breach.
>
>
> regards,
> Holger
Reply to: