[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

disabling passwords with preseeding (was Re: passwd asked just one time)



Hi,

On Friday 11 February 2005 09:37, Sven Luther wrote:
> On Fri, Feb 11, 2005 at 07:21:53AM +0100, Christian Perrier wrote:
> > > > BTW, I would also like to be able to preseed passwords to be
> > > > disabled. Any opinions on that ?
> > Indeed, after thinking about Holger's suggestion, I think he suggests
> > that some passwords (mostly the newly created user) could be set to
> > "disabled" just like one can do with the "--disabled-password" switch
> > of adduser. Holger, am I correct?

Yes, it's usefull for example if I wget an .ssh/authorized_keys file for the 
user. And I also would like to be able to disable root's password and 
preseed+use sudo instead.

Or I might not want local passwords at all as I'm using (read: preseeding a 
valid configuration for) ldap or whatever.

So I guess I'll file a wishlist bug :)

> Well, since originally, there is a time period where there is *no* root
> password, and everyone can login, i am not sure what this brings in term of
> security.

What do you mean, "originally" ? With preseeding (and those r00tme&insecure 
passwords) is there a time, where you can login without passwords ? Is it a 
local or a remote flaw ?

Because that's why I don't like to disable the passwords with 
base-config/*_commands - it's not a workaround, it's introducing a security 
breach.


regards,
 Holger

Attachment: pgpVFpiLBI3jW.pgp
Description: PGP signature


Reply to: