Jonas Smedegaard wrote:
> On Tue, May 18, 2010 at 11:40:08AM +0200, Ronny Aasen wrote:
>> Jonas Smedegaard wrote:
>>> On Tue, May 18, 2010 at 09:37:56AM +0200, Finn-Arne Johansen wrote:
>>>> On 05/15/2010 05:43 PM, Andreas B. Mundt wrote:
>>>>> Hi,
>>>>> So my question is: Can I, by any means, access the root password
>>>>> entered at the beginning of the installation at a later stage of
>>>>> the installation process in clear text?
>>>>>
>>>>> Alternative ideas or solutions are of course welcome.
>>>>
>>>> Is it possible to create a udeb (or use debian-edu-*udeb) to ask
>>>> for the main password, store it in cleartext, preseed the root
>>>> password, then remove the cleartext password at the end of the
>>>> installation?
>>>
>>> I suspect that to be a dangerous approach: In effect this would
>>> duplicate (albeit hashed) the original root password which will *not*
>>> change if the original root password is later changed.
>>>
>>> I do not find it uncommon to use a quick'n'dirty password at install
>>> time and then tighten security later. With this approach the too
>>> weak, temporary, initial password would silently become a weak
>>> backdoor into the system.
>>>
>>> I certainly hope that no similar approach is in use today already!
>>
>> It is.
>>
>> The quick and dirty password used at install is also stored as the
>> password for the ldap user "admin".
>>
>> When the user changes the root password, the ldap user admin password is
>> unchanged.
>
> That was my fear!
>
>> and must be changed in the admin tool separately. But since
>> _everything_ is done via ldap, the user quickly learns about the admin
>> users (even if he does not read the documentation)
>
> How about the opposite: Can a Debian-Edu system be maintained using LWAT
> and not the root account, so that a weak _root_ password may go
> unnoticed due to the wrong assumption that changing the LWAT password was
> enough?
>
>> Still asking for 3 passwords (root / ldap admin / kerberos) during
>> install does not make this situation in any way better. One might in
>> the worst case end up with 3 quick and dirty passwords.
>
> Indeed.
>
>> I don't know any better solution than documentation, and perhaps
>> debconf notes alerting that the root password should not be quick'n'dirty.
>
> I believe debian-installer now supports *not* setting a root password,
> to support sudo-style root access: no one is allowed to log in as root
> directly, only indirectly as a user in the sudoers (or whatever) group.
>
> I have no experience with such a security setup - and a question that
> springs to mind is how to then secure single user mode?
>
> Nevertheless that root password suppression (if I recall correctly that
> it is supported now) could be used to postpone setup of the root password
> and instead do it in a script that sets all three passwords coordinated,
> and perhaps at the same time informs the local admin about the
> Debian-Edu password structure.

Or use Finn-Arne's suggestion of preseeding the root password in our udeb. We can still inform the local admin about Debian-Edu's password structure in a debconf note at the same time, and also use the password for Kerberos. I assume there is a slightly higher chance that users read the debconf notes than read the same thing in the documentation.

Ronny

-- 
To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
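As an added example (not part of this thread and not Debian-Edu's own code), the two debian-installer preseed settings the discussion turns on, using the standard `passwd/*` questions documented in Debian's preseed example file: one variant suppresses the root account entirely, so an install-time root password never exists and cannot be duplicated into a second credential; the other sets root's password from a pre-computed crypt(3) hash, so no cleartext password needs to be stored during the installation. The hash value is a placeholder.

```text
# Added example preseed fragment (not from the thread).
# Keys are the standard debian-installer passwd/* questions.

# Variant A: create no root password at all; the first user account
# gets sudo access instead. Nothing weak is left behind to be copied.
d-i passwd/root-login boolean false
d-i passwd/make-user boolean true

# Variant B: set root's password from a crypt(3) hash computed before
# the install, so the cleartext never has to be written to disk.
# Generate the hash with, e.g.:  mkpasswd -m sha-512   (whois package)
d-i passwd/root-password-crypted password [PLACEHOLDER: crypt(3) hash]
```

Neither variant by itself fixes the problem Ronny describes: if an installer copies the same hash into the LDAP "admin" entry or a Kerberos principal, that copy still goes stale when root's password is later changed. Whatever script coordinates the three passwords at install time needs a matching path for changing all three together afterwards, and the debconf note should say so.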

