> On Fri, 2014-01-31 at 10:48 +0100, Prunk Dump wrote:
>
>> So is there a way to send the "samba4password" securely to the clients
>> ? This is the main samba root password !
>
> A couple of years ago, there was a discussion on this list about sending
> secret information (such as crypto keys and passwords) to FAI clients
> during install. Search the archives.
>
> IIRC, the conclusion was that because all information (including any
> keys and passwords to access other keys and passwords) must come to the
> client via network, there is no 100% secure way of delivering that
> information. However, several good alternatives were proposed, such as
> single-use access to the secrets with logging of all transfers, or using
> an out-of-band data transfer medium, such as a USB stick.
>
>> Ideally, is this possible to be prompted for this password by FAI when
>> installing the clients ?
>>
>> Or it is possible to send a ssh command from the server when the
>> clients wait for reboot ? Is there a way to get the list of these
>> waiting clients ?
>
> Both of these are possible with some scripting (hooks). For monitoring
> of progress, check out faimond. There is also a GUI available
> (faimond-gui) if you prefer.
>
> Regards,
>
> Toomas Tamm

Thank you very much for your help !

It's true that there is no 100% secure way to send passwords to clients !
But SSH keys are very secure and they are greatly sufficient for my
network.

2014-01-31 John G. Heim <[email protected]>:
>
>
>> Ideally, is this possible to be prompted for this password by FAI when
>> installing the clients ?
>
>
> You can do this by reading from /dev/console.
>
> Here is a perl code segment that does more than just what you're asking
> about.

In fact, my first question was not very clear. I would like to be
prompted for passwords on the FAI server, and if it's possible, just one
time. I'm searching for a way to make the clients wait for this input
from the FAI server.

Maybe I can make a server script that :

-> Query the samba4 password on the server
-> Read the output of faimond
-> each time a client finishes, send a "ssh -c net ads join ......"
-> send a "ssh -c reboot"

Is there a simpler method to do this ?

Thank you again ! Toomas, John,

Baptiste.
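
The server-side script outlined in the message above, as an added example that is not part of the thread or of FAI itself. It assumes faimond writes one event per line to standard output in the form "<host> <EVENT> [args]", that "TASKEND savelog 0" marks a finished install, and that the remote "net ads join" reads the password from standard input; the account name and the SSH override variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: faimond prints one event
# per line as "<host> <EVENT> [args]", "TASKEND savelog 0" marks a finished
# install, and the remote "net ads join" reads the password from stdin.
JOIN_USER=${JOIN_USER:-Administrator}   # hypothetical join account
SSH=${SSH:-ssh}                         # overridable so the logic can be tested

# Accept only names that cannot be mistaken for an ssh option or shell syntax.
valid_host() {
    case $1 in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Join one client, then reboot it. The password travels on ssh's stdin and
# is never placed in argv, so it does not appear in "ps" output or history.
join_client() {
    printf '%s\n' "$SAMBA_PW" |
        "$SSH" -o BatchMode=yes "root@$1" "net ads join -U '$JOIN_USER'" &&
        "$SSH" -o BatchMode=yes "root@$1" reboot </dev/null
}

# Read faimond events on stdin and act once per host that finished cleanly.
# Prints the hosts that were joined, space separated.
watch_events() {
    done_hosts=' '
    while read -r host event task rc _; do
        [ "$event" = TASKEND ] && [ "$task" = savelog ] && [ "$rc" = 0 ] || continue
        valid_host "$host" || continue
        case $done_hosts in *" $host "*) continue ;; esac
        join_client "$host" >&2 && done_hosts="$done_hosts$host "
    done
    printf '%s\n' "$done_hosts"
}

# Prompt once on the server with echo off, then follow faimond.
main() {
    stty -echo; printf 'samba4 password: ' >&2
    IFS= read -r SAMBA_PW; stty echo; printf '\n' >&2
    faimond | watch_events
}
if [ "${1:-}" = main ]; then main; fi
```

Run it as `sh script.sh main` on the FAI server; key-based root SSH access to the clients is required because `BatchMode=yes` disables interactive prompts.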
