[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

FYI: work on passwd preseeding



For the D-I team information: 

I'm actually working on bugs #275343, #304343 and #304352 for passwd,
all tagged "d-i" because they deal with the "reconfigure" code of
passwd, mainly used when called in base-config.

All these deal with the root password preseeding possibilities. They
were request to allow preseeding a MD5 hash for the root password
and/or allow preseeding a disabled password for root.

I'm perfectly aware that preseeding a MD5 hash is not security-proof,
but actually no less than preseeding a clear-text password which is
the only method we propose..:-)

Dealing with this turns out to be surprisingly easy...even for me..

This should introduce two new debconf variables:
root-password-hash
user-password-hash

The goal is that values found there will be used as a MD5 hash passed
to chpasswd in passwd.config.

Using "*" as "hash" would then preseed....a disabled password for root
as requested by Holger in #304343.

This will for sure need changes in the installation manual, especially
the preseed example. Of course, this will have to be done only when
the modified passwd package will have reached testing.

-- 




Reply to: