[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: disabling passwords with preseeding (was Re: passwd asked just one time)

Hi folks,

I would like to how can d-i (perhaps using preseed) make a sudo user,
and disable 'root' user, like Ubuntu does.

Ubuntu developers said (or I read something like that) it's more secure
to not create a 'root' user, and use 'sudoers'.

Thanks and regards,

On or., 2005-02-11 at 14:55 +0100, Holger Levsen wrote:
> Hi,
> On Friday 11 February 2005 09:37, Sven Luther wrote:
> > On Fri, Feb 11, 2005 at 07:21:53AM +0100, Christian Perrier wrote:
> > > > > BTW, I would also like to be able to preseed passwords to be
> > > > > disabled. Any opinions on that ?
> > > Indeed, after thinking about Holger's suggestion, I think he suggests
> > > that some passwords (mostly the newly created user) could be set to
> > > "disabled" just like one can do with the "--disabled-password" switch
> > > of adduser. Holger, am I correct?
> Yes, it's usefull for example if I wget an .ssh/authorized_keys file for the 
> user. And I also would like to be able to disable root's password and 
> preseed+use sudo instead.
> Or I might not want local passwords at all as I'm using (read: preseeding a 
> valid configuration for) ldap or whatever.
> So I guess I'll file a wishlist bug :)
> > Well, since originally, there is a time period where there is *no* root
> > password, and everyone can login, i am not sure what this brings in term of
> > security.
> What do you mean, "originally" ? With preseeding (and those r00tme&insecure 
> passwords) is there a time, where you can login without passwords ? Is it a 
> local or a remote flaw ?
> Because that's why I don't like to disable the passwords with 
> base-config/*_commands - it's not a workaround, it's introducing a security 
> breach.
> regards,
>  Holger

Reply to: