[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#337011: marked as done (installation-guide: Please document the new ways to preseed root and user passwords)

Your message dated Mon, 10 Apr 2006 18:26:18 +0200
with message-id <200604101826.19080.aragorn@tiscali.nl>
and subject line #337011: installation-guide: Please document the new ways to preseed root and user passwords
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: installation-guide
Severity: normal
Tags: patch

The attached patch documents the password preseeding, including the "new"
ways to preseed passwords as of shadow 4.0.13-1, which is now in testing.

I'm not very used to the writing style of the Installation Guide. This is
why I did not commit the change immediately as it probably needs a review.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13-1-686
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8)

--- en/boot-new/modules/shadow.xml	2005-10-07 21:59:11.339037959 +0200
+++ en/boot-new/modules/shadow-new.xml	2005-11-02 08:13:06.791479900 +0100
@@ -65,5 +65,47 @@
 account, use the <command>adduser</command> command.
 
 </para>
+
   </sect3>
+  <sect3 id="password-preseeding">
+  <title>Preseeding passwords</title>
+
+<para>
+
+Both the root and the first created user passwords can be
+<emphasis>preseeded</emphasis> during automated installs (see <xref
+linkend="automatic-install"/>).
+</para>
+
+<para>
+The passwords can be preseeded in cleartext using the
+<classname>passwd/root-password</classname>,
+<classname>passwd/root-password-again</classname>,
+<classname>passwd/user-password</classname> and
+<classname>passwd/user-password-again</classname> values. Be aware
+that this is not completely security-proof as everyone with physical
+access to the preseed file will have the knowledge of these passwords.
+</para>
+
+<para condition="etch">
+The passwords can also be preseeded as MD5 <emphasis>hashes</emphasis>
+by using the <classname>passwd/root-password-crypted</classname> and
+<classname>passwd/user-password-crypted</classname> variables. Thihs
+method is considered slightly better in terms of security but not
+completely proof as well because physical access to a MD5 </para> hash
+allows for brute force attacks. Some people even consider this method
+can be less secure as it may give a false sense of security.
+</para>
+
+<para condition="etch">
+The <classname>passwd/root-password-crypted</classname> and
+<classname>passwd/user-password-crypted</classname> variables can be
+preseeded with "!" as value. In that case, the corresponding account
+is disabled. This may be convenient for the root account, provided of
+course that an alternate method is setup to allow administrative
+activities or root login (for instance by using SSH key
+authentication).
+</para>
+
+
  </sect2>

--- End Message ---
--- Begin Message --- 
Should have been closed long time ago...

--- End Message ---
Reply to: