On Wed, Dec 25, 2013 at 08:55:50PM -0500, Michael H. Warfield wrote: > On Wed, 2013-12-25 at 20:13 -0500, Leonid Isaev wrote: > > On Wed, 25 Dec 2013 19:17:19 -0500 > > "Michael H. Warfield" <[email protected]> wrote: > > > > > On Wed, 2013-12-25 at 13:19 -0500, Leonid Isaev wrote: > > > > On Wed, 25 Dec 2013 10:17:20 -0500 > > > > "Michael H. Warfield" <[email protected]> wrote: > > > > > > > > In that case, you definitely need to go with 1.0.0-beta1 or better. I > > > > > > > is there anything special in the template that expects lxc-start 1.0.0, > > > > or > > > > one can simply download the template and run it as a bash script, and > > > > keep > > > > lxc 0.9.0? > > > > > > Nope. If you have a fully configured template from 1.0.0-beta1 and it > > > should work perfectly fine on what you have. > > > > > > > > just did the same thing and root/root worked (we've got to figure out > > > > > something better there) > > > > > > > What about generating a random passwd from /dev/random, e.g. > > > > root_password="$(tr -cd '[:graph:]' < /dev/random | head -c 15)", echo > > > > $root_password to stdout and prompt the user to take note/change it on > > > > 1st > > > > login? > > > > > > I'm working on something now. I've already submitted a strawman > > > proposal to the lxc-devel list for a root password like this: > > > > > > Root-${Container_Name}-${RANDOM} > > > > > > We'll see. > > > > Ah, sorry, I did not see that email... > > Understandable. That was on the lxc-devel list and this is on the > lxc-users list. They don't (always) overlap. I'm proposing a change > for these templates (and Dwight has to chime in on the Oracle template) > and soliciting discussion. > > > I'll try to do something similar for the > > archlinux template (it has an empty root password by default). > > And that's really bad if you have remote access enabled. > > > Also, as long as fedora/centos/oracle (not sure if that file exists in > > debian/ubuntu) are concerned, perhaps one can use host's /etc/machine-id as > > a > > ${RANDOM} part of the password. It is of course weaker than a random string > > but still no secrets are shipped in the template and at least an admin won't > > be accidently locked out of a remotely-generated container... > > Well, there's three parts to that... One is the root (sic) "Root". > Then you have the ${Container_name}" like TwiddleDee. Then you have a > 2^15 random number from ${RANDOM} (is that only a bashism???"). > > So... A new root password for TwiddleDee would be something like... > > Root-TwiddleDee-25984 > > With warnings to record it and change it. >
I believe you can set passwd as "-e expired" forcing change at login. charles > Not great but better than what we have and it can easily (as always) be > changed from the host. > > > Thanks, > > Leonid. > > Regards, > Mike > > > > > > > > > > > > > > Regards, > > > > > Mike > > > > > > > > > > > > > Cheers, > > > > Leonid. > > > > > > Regards, > > > Mike > > > > > > > > _______________________________________________ > > lxc-users mailing list > > [email protected] > > http://lists.linuxcontainers.org/listinfo/lxc-users > > -- > Michael H. Warfield (AI4NB) | (770) 978-7061 | [email protected] > /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ > NIC whois: MHW9 | An optimist believes we live in the best of all > PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it! > > _______________________________________________ > lxc-users mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-users _______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
