[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is "preseeding the root password with a MD5 hash" an interesting feature for d-i?

Quoting Joey Hess (joeyh@debian.org):
> Alex Owen wrote:
> > I would like to see an option to lock the root password so that the
> > root account can only be accessed via an ssh key.
> This would be excellent.

Are you all people meaning that the root account should be locked when
its password has been preseeded?

Or that the preseed mechanism should support a disabled root account
like this was suggested in the bug report we have from Holger Levsen?

Up to now, I was thinking about adding two things:

-preseed MD5 hash passwords

-support preseeding with "*" which would disable the root account
(indeed, this can be merged with the above if the MD5 hash preseed
allows for "*" to be the preseeded value)

I have also to look at Ubuntu patches as Martin Quinson pointed me to
an interesting changelog entry:

23:46 <emptt1> shadow (1:4.0.3-30.7ubuntu4) hoary; urgency=low
23:46 <emptt1>   * Restore the root password question, but at medium priority. If the
23:46 <emptt1>     answer is empty, disable the root account and use sudo. This allows for
23:46 <emptt1>     preseeding the root password, but leaves the default install exactly as
23:46 <emptt1>     it was.

I guess that Colin can explain what's behind this..:-)

Seems that Ubuntu deals with empty passwords entered by disabling the
account which would be an elegant way to disable accounts, preseeded
or not.

Reply to: