Re: access the cleartext root password during installation
Jonas Smedegaard wrote:
> On Tue, May 18, 2010 at 11:40:08AM +0200, Ronny Aasen wrote:
>> Jonas Smedegaard wrote:
>>> On Tue, May 18, 2010 at 09:37:56AM +0200, Finn-Arne Johansen wrote:
>>>> On 05/15/2010 05:43 PM, Andreas B. Mundt wrote:
>>>>> Hi,
>>>>> So my question is: Can I, by any means, access the root password
>>>>> entered at the beginning of the installation at a later stage of
>>>>> the installation process in clear text?
>>>>>
>>>>> Alternative ideas or solutions are of course welcome.
>>>>
>>>> Is it possible to create an udeb (or use debian-edu-*udeb) to ask
>>>> for the main password, store it in cleartext, preseed the root
>>>> password, then remove the cleartext password at the end of the
>>>> installation.
>>>
>>> I suspect that to be a dangerous approach: In effect this would
>>> duplicate (albeit hashed) the original root password which will *not*
>>> change if the original root password is later changed.
>>>
>>> I do not find it uncommon to use a quick'n'dirty password at install
>>> time and then tighten security later. With this approach the too
>>> weak, temporary, initial password would silently become a weak
>>> backdoor into the system.
>>>
>>> I certainly hope that no similar approach is in use today already!
>>
>>
>> It is.
>>
>> the quick and dirty password used at install. is also stored as the
>> password for the ldap user "admin"
>>
>> when the user changes the root password. the ldap user admin password is
>> unchanged.
>
> That was my fear!
>
>
>> and must be changed in the admin tool separatly. But since
>> _everything_ is done via ldap, the user quickly learn about the admin
>> users (even if he does not read the documentation)
>
> How about the opposite: Can a Debian-Edu system be maintained using LWAT
> and not the root account, so that a weak _root_ password may go
> unnoticed due to wrong assumption that changing LWAT password was enough?
>
>
>> still asking for 3 passwords (root / ldap admin / kerberos) during
>> install does not make this situation in any way better. one might in
>> the worst case end up with 3 quick and dirty passwords.
>
> Indeed.
>
>
>> I don't know any better solution then documentation, and perhaps
>> debconf notes alerting that the root password should not be quick'n'dirty
>
> I believe debian-installer now supports *not* setting a root password,
> to support sudo style root access: noone is allowed to login as root
> directly, only indirectly as a user in the sudoers (or whatever) group.
>
> I have no experience with such security setup - and a question that
> springs to mind is how to then secure single user mode?
>
> Nevertheless that root password suppression (if I recall correctly that
> it is supported now) could be used to postpone setup of root password
> and instead do it in a script that sets all three passwords coordinated,
> and perhaps at the same time informs the local admin about the
> Debian-Edu password structure.
or use finnarne's preseed the root password in our udeb suggestion.
We can still inform the local admin about debian-edu's password
structure in a debconf note at the same time. And also use the password
for kerberos.
I assume there is a slightly higher change that the users read the
debconf note's then reading the same thing in the documentation.
Ronny
Reply to: