Bug#129988: S/390: secure install with a password?

[Stefan Gybas <gybas@trustsec.de>]

Jochen Hein wrote:


> I disagree.  If there is no password at all, *anybody* can access the
> root account.  If I'm setting up on a public machine (like I did
> here), I have a problem.


You can also do an automatic network setup if you specify your network
configuration in the parmfile (not yet documented), this will not be
possible any longer if you have to enter an installation password.

So you either shoudl also be able to specify this password in the
parmfile or the installer can create a random password that must be
entered when you make the telnet connection.


> Not in any case.  Maybe adding a *very* simple password check to login
> (no need for encypted passwords for example), or a TCP-Wrapper to an
> IP address may be helpful.


I also thought of this. Maybe we can just write the password to a file
in /tmp (I'd like to avoid writing to /etc so the initrd can be mounted
read-only which a tmpfs mounted on /tmp) and adjust login.c to check this
password. What do you think of this approach?

--
Stefan Gybas