RE: [Users] create CT with password

2008-11-11 Thread Dietmar Maurer
On Tue, Nov 11, 2008 at 10:58:46AM +0100, Dietmar Maurer wrote: Is there are real world example where my approach does not work? I think your approach won't work as is, at least in any tcb-enabled system (see http://www.openwall.com/tcb/) for two obvious reasons: - file where root shadow

RE: [Users] create CT with password

2008-11-11 Thread Dietmar Maurer
I think your approach won't work as is, at least in any tcb-enabled system (see http://www.openwall.com/tcb/) for two obvious reasons: - file where root shadow entry is stored is not /etc/shadow; I guess it is possible to detect the file and store the password? It is a simple test for

Re: [Users] create CT with password

2008-11-11 Thread Dmitry V. Levin
Hi, On Tue, Nov 11, 2008 at 10:58:46AM +0100, Dietmar Maurer wrote: Is there are real world example where my approach does not work? I think your approach won't work as is, at least in any tcb-enabled system (see http://www.openwall.com/tcb/) for two obvious reasons: - file where root shadow

RE: [Users] create CT with password

2008-11-11 Thread Dietmar Maurer
Is there are real world example where my approach does not work? I check for /etc/shadow, and store as md5 - AFAIK the user is able to login with that password on all distribution using pam_unix. If not, we can still try to read and parse the pam configuration. It will not work for nis, but

Re: [Users] create CT with password

2008-11-11 Thread Dmitry V. Levin
On Tue, Nov 11, 2008 at 12:29:04PM +0100, Dietmar Maurer wrote: On Tue, Nov 11, 2008 at 10:58:46AM +0100, Dietmar Maurer wrote: Is there are real world example where my approach does not work? I think your approach won't work as is, at least in any tcb-enabled system (see

RE: [Users] create CT with password

2008-11-11 Thread Dietmar Maurer
This way you'll have to either use the most weak hashing algorithm supported by every container OS, or risk that your modern hashing algorithm is not supported by some container OS. We can customize the scripts per OS (as we do already for other settings). And md5 is supported on almost any

Re: [Users] create CT with password

2008-11-11 Thread albinootje
Dietmar Maurer wrote: Is there are real world example where my approach does not work? I check for /etc/shadow, and store as md5 - AFAIK the user is able to login with that password on all distribution using pam_unix. If not, we can still try to read and parse the pam configuration. It

RE: [Users] create CT with password

2008-11-11 Thread Dietmar Maurer
And is it really possible to store the root password on NIS? What happen on filesystem errors - usually single user mode ask for a password before fsck. But sure, that can't happen within a container. - Dietmar ___ Users mailing list Users@openvz.org