Re: create password in postinst

To: debian-mentors@lists.debian.org
Subject: Re: create password in postinst
From: Justin Pryzby <justinpryzby@users.sourceforge.net>
Date: Sun, 5 Feb 2006 11:26:08 -0500
Message-id: <[🔎] 20060205162608.GA30728@andromeda>
In-reply-to: <[🔎] 43E62088.40907@derobert.net>
References: <20060126132847.3d09023d@localhost> <[🔎] 43E62088.40907@derobert.net>

On Sun, Feb 05, 2006 at 10:58:00AM -0500, Anthony DeRobertis wrote:
> Daniel Knabl wrote:
> 
> >  ask the user for a password via debconf (store in $CLEARPASS)
> >  and then do HASH=`mkpasswd -S 35348090 -H md5 $CLEARPASS` and
> >  afterwards the usual sed -e "s/default/"$HASH"/;" ...
> 
> No, that's not ok. First off, any "funny" characters in the password
> will cause errors. Second, and probably more important, any user running
> 'ps' will be able to read the plain-text password.
> 
> If you want to use mkpasswd, read about its -P and -s options. Pipe the
> password to it. [But don't use /bin/echo for that; same problem...] Not
> quite sure how to pull that off in sh, maybe someone will have
> suggestions...
Does this work?

	mkpasswdd -H md5 -S 35348090 -s <<EOF
	$password
	EOF
 
Why the constant hash, anyway?  Doesn't that destroy the purpose of
it?

Justin

Reply to:

Follow-Ups:
- Re: create password in postinst
  - From: Max Vozeler <max@nusquama.org>

References:
- Re: create password in postinst
  - From: Anthony DeRobertis <anthony@derobert.net>

Prev by Date: Re: create password in postinst
Next by Date: Re: create password in postinst
Previous by thread: Re: create password in postinst
Next by thread: Re: create password in postinst
Index(es):
- Date
- Thread