Bug#129988: S/390: secure install with a password?
>>>>> "Stefan" == Stefan Gybas <gybas@trustsec.de> writes:
Stefan> Jochen Hein wrote:
>> I disagree. If there is no password at all, *anybody* can access
>> the root account. If I'm setting up on a public machine (like I
>> did here), I have a problem.
Stefan> You can also do an automatic network setup if you specify
Stefan> your network configuration in the parmfile (not yet
Stefan> documented),
Looks interesting - I'm tired of trying and setting up network every
time... I think I should look into boot-floppies sources?
Stefan> this will not be possible any longer if you have
Stefan> to enter an installation password.
How about a kernel parameter "installpassword=<secret>"? If the
kernel does not know about it, it gets passed to init and you can read
it in scripts.
Stefan> So you either shoudl also be able to specify this password in
Stefan> the parmfile or the installer can create a random password
Stefan> that must be entered when you make the telnet connection.
Parmfile for unattended setup is ok. If it is not set, generate one
or ask.
Stefan> I also thought of this. Maybe we can just write the password
Stefan> to a file in /tmp (I'd like to avoid writing to /etc so the
Stefan> initrd can be mounted read-only which a tmpfs mounted on
Stefan> /tmp) and adjust login.c to check this password. What do you
Stefan> think of this approach?
I think That would suffice for the install.
Jochen
--
#include <~/.signature>: permission denied
Reply to: