On Tuesday 02 June 2009, 16:23:18, Daniel Baumann wrote: > > I have sent this before, but the patch file I sent was not good, so I > > think it's why not being accepted.
> In general, I'm not a fan of adding such a feature. Exposing passwords > and also their hashes to visible to any user (which a boot parameter is, > through /proc/cmdline), is not a good thing. It's better to statically > configure user accounts directly by calling e.g. adduser through a hook > at build time. Since what it's proposed expose the password in crypted way, it seems a better approach of what we got since today. Maybe another approach could be launching an interactive script during boot (enabled with a boot parameter obviously and before starting real /sbin/init) which could ask the password and setup the user(s) password(s). In this case the level of security is not better, just different (think about keyloggers :-)) -- ESC:wq -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
