Re: disabling passwords with preseeding (was Re: passwd asked just one time)
On Fri, Feb 11, 2005 at 02:55:01PM +0100, Holger Levsen wrote:
> Hi,
>
> On Friday 11 February 2005 09:37, Sven Luther wrote:
> > On Fri, Feb 11, 2005 at 07:21:53AM +0100, Christian Perrier wrote:
> > > > > BTW, I would also like to be able to preseed passwords to be
> > > > > disabled. Any opinions on that ?
> > > Indeed, after thinking about Holger's suggestion, I think he suggests
> > > that some passwords (mostly the newly created user) could be set to
> > > "disabled" just like one can do with the "--disabled-password" switch
> > > of adduser. Holger, am I correct?
>
> Yes, it's usefull for example if I wget an .ssh/authorized_keys file for the
> user. And I also would like to be able to disable root's password and
> preseed+use sudo instead.
>
> Or I might not want local passwords at all as I'm using (read: preseeding a
> valid configuration for) ldap or whatever.
>
> So I guess I'll file a wishlist bug :)
>
> > Well, since originally, there is a time period where there is *no* root
> > password, and everyone can login, i am not sure what this brings in term of
> > security.
>
> What do you mean, "originally" ? With preseeding (and those r00tme&insecure
> passwords) is there a time, where you can login without passwords ? Is it a
> local or a remote flaw ?
>
> Because that's why I don't like to disable the passwords with
> base-config/*_commands - it's not a workaround, it's introducing a security
> breach.
In the non-automated procedure, you have no password until you are asked them.
And you can log in in console 2 without password. I don't know if remote login
is possible at this time though.
I suppose that in the preseed model, the same problems happens between the
boot and the moment where the root password is preseeded, which may vary
depending on the performance of the install box, and the timing of an eventual
attacker.
Friendly,
Sven Luther
Reply to: