Re: Is "preseeding the root password with a MD5 hash" an interesting feature for d-i?
Quoting Joey Hess (joeyh@debian.org):
> Alex Owen wrote:
> > I would like to see an option to lock the root password so that the
> > root account can only be accessed via an ssh key.
>
> This would be excellent.
Are you all people meaning that the root account should be locked when
its password has been preseeded?
Or that the preseed mechanism should support a disabled root account
like this was suggested in the bug report we have from Holger Levsen?
Up to now, I was thinking about adding two things:
-preseed MD5 hash passwords
-support preseeding with "*" which would disable the root account
(indeed, this can be merged with the above if the MD5 hash preseed
allows for "*" to be the preseeded value)
I have also to look at Ubuntu patches as Martin Quinson pointed me to
an interesting changelog entry:
23:46 <emptt1> shadow (1:4.0.3-30.7ubuntu4) hoary; urgency=low
23:46 <emptt1> * Restore the root password question, but at medium priority. If the
23:46 <emptt1> answer is empty, disable the root account and use sudo. This allows for
23:46 <emptt1> preseeding the root password, but leaves the default install exactly as
23:46 <emptt1> it was.
D
I guess that Colin can explain what's behind this..:-)
Seems that Ubuntu deals with empty passwords entered by disabling the
account which would be an elegant way to disable accounts, preseeded
or not.
Reply to: