On Tue, May 18, 2010 at 09:37:56AM +0200, Finn-Arne Johansen wrote:
On 05/15/2010 05:43 PM, Andreas B. Mundt wrote:Hi, So my question is: Can I, by any means, access the root password entered at the beginning of the installation at a later stage of the installation process in clear text? Alternative ideas or solutions are of course welcome.Is it possible to create an udeb (or use debian-edu-*udeb) to ask for the main password, store it in cleartext, preseed the root password, then remove the cleartext password at the end of the installation.
I suspect that to be a dangerous approach: In effect this would duplicate (albeit hashed) the original root password which will *not* change if the original root password is later changed.
I do not find it uncommon to use a quick'n'dirty password at install time and then tighten security later. With this approach the too weak, temporary, initial password would silently become a weak backdoor into the system.
I certainly hope that no similar approach is in use today already! Kind regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Description: Digital signature