On Tue, May 18, 2010 at 11:40:08AM +0200, Ronny Aasen wrote:
Jonas Smedegaard wrote:On Tue, May 18, 2010 at 09:37:56AM +0200, Finn-Arne Johansen wrote:On 05/15/2010 05:43 PM, Andreas B. Mundt wrote:Hi,So my question is: Can I, by any means, access the root password entered at the beginning of the installation at a later stage of the installation process in clear text?Alternative ideas or solutions are of course welcome.Is it possible to create an udeb (or use debian-edu-*udeb) to ask for the main password, store it in cleartext, preseed the root password, then remove the cleartext password at the end of the installation.I suspect that to be a dangerous approach: In effect this would duplicate (albeit hashed) the original root password which will *not* change if the original root password is later changed.I do not find it uncommon to use a quick'n'dirty password at install time and then tighten security later. With this approach the too weak, temporary, initial password would silently become a weak backdoor into the system.I certainly hope that no similar approach is in use today already!It is. the quick and dirty password used at install. is also stored as the password for the ldap user "admin" when the user changes the root password. the ldap user admin password is unchanged.
That was my fear!
and must be changed in the admin tool separatly. But since _everything_ is done via ldap, the user quickly learn about the admin users (even if he does not read the documentation)
How about the opposite: Can a Debian-Edu system be maintained using LWAT and not the root account, so that a weak _root_ password may go unnoticed due to wrong assumption that changing LWAT password was enough?
still asking for 3 passwords (root / ldap admin / kerberos) during install does not make this situation in any way better. one might in the worst case end up with 3 quick and dirty passwords.
I don't know any better solution then documentation, and perhaps debconf notes alerting that the root password should not be quick'n'dirty
I believe debian-installer now supports *not* setting a root password, to support sudo style root access: noone is allowed to login as root directly, only indirectly as a user in the sudoers (or whatever) group.
I have no experience with such security setup - and a question that springs to mind is how to then secure single user mode?
Nevertheless that root password suppression (if I recall correctly that it is supported now) could be used to postpone setup of root password and instead do it in a script that sets all three passwords coordinated, and perhaps at the same time informs the local admin about the Debian-Edu password structure.
- Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Description: Digital signature