Re: access the cleartext root password during installation

Jonas Smedegaard wrote:
> On Tue, May 18, 2010 at 11:40:08AM +0200, Ronny Aasen wrote:
>> Jonas Smedegaard wrote:
>>> On Tue, May 18, 2010 at 09:37:56AM +0200, Finn-Arne Johansen wrote:
>>>> On 05/15/2010 05:43 PM, Andreas B. Mundt wrote:
>>>>> Hi,
>>>>> So my question is: Can I, by any means, access the root password
>>>>> entered at the beginning of the installation at a later stage of
>>>>> the installation process in clear text?
>>>>> Alternative ideas or solutions are of course welcome.
>>>> Is it possible to create an udeb (or use debian-edu-*udeb) to ask
>>>> for the main password, store it in cleartext, preseed the root
>>>> password, then remove the cleartext password at the end of the
>>>> installation.
>>> I suspect that to be a dangerous approach: In effect this would
>>> duplicate (albeit hashed) the original root password which will *not*
>>> change if the original root password is later changed.
>>> I do not find it uncommon to use a quick'n'dirty password at install
>>> time and then tighten security later.  With this approach the too
>>> weak, temporary, initial password would silently become a weak
>>> backdoor into the system.
>>> I certainly hope that no similar approach is in use today already!
>> It is.
>> The quick and dirty password used at install is also stored as the
>> password for the ldap user "admin".
>> When the user changes the root password, the ldap user admin password is
>> unchanged.
> That was my fear!
>> and must be changed in the admin tool separately. But since
>> _everything_ is done via ldap, the user quickly learns about the admin
>> users (even if he does not read the documentation)
> How about the opposite: Can a Debian-Edu system be maintained using LWAT
> and not the root account, so that a weak _root_ password may go
> unnoticed due to wrong assumption that changing LWAT password was enough?
>> still asking for 3 passwords (root / ldap admin / kerberos) during
>> install does not make this situation in any way better. one might in
>> the worst case end up with 3 quick and dirty passwords.
> Indeed.
>> I don't know any better solution than documentation, and perhaps
>> debconf notes alerting that the root password should not be quick'n'dirty
> I believe debian-installer now supports *not* setting a root password,
> to support sudo style root access: no one is allowed to login as root
> directly, only indirectly as a user in the sudoers (or whatever) group.
> I have no experience with such security setup - and a question that
> springs to mind is how to then secure single user mode?
> Nevertheless that root password suppression (if I recall correctly that
> it is supported now) could be used to postpone setup of root password
> and instead do it in a script that sets all three passwords coordinated,
> and perhaps at the same time informs the local admin about the
> Debian-Edu password structure.

Or use finnarne's "preseed the root password in our udeb" suggestion.
We can still inform the local admin about debian-edu's password
structure in a debconf note at the same time. And also use the password
for kerberos.

I assume there is a slightly higher chance that the users read the
debconf notes than read the same thing in the documentation.


