MD5 Support
Sébastien GALLET
sgallet at ibourgogne.net
Fri Jan 31 17:21:30 CET 2003
Thank you very much for your councils, Andrew.
I used them to develop following scripts.
If you want to add it to your faqomatic, read below
- Define a class MD5 for your config
- Add a script DEFAULT/S10 to reconfigure packet
#! /bin/sh
if ifclass MD5; then
echo "set passwd/md5 true" | $ROOTCMD debconf-communicate
echo "set passwd/shadow true" | $ROOTCMD debconf-communicate
$ROOTCMD dpkg-reconfigure -fnoninteractive passwd
fi
exit 0
- patch the DEFAULT/S20
# add second root account using tcsh
# insert encrypted root password
# { ${target}/etc/passwd
# LocateLineMatching "^root:.*"
# InsertLine "roott::0:0:root:/root:/usr/bin/tcsh"
# ReplaceAll "^root::" With "root:${rootpw}:"
# ReplaceAll "^roott::" With "roott:${rootpw}:"
# }
...
#Support of md5/shadow password
MD5::
{ ${target}/etc/passwd
LocateLineMatching "^root:.*"
InsertLine "roott:x:0:0:root:/root:/usr/bin/tcsh"
}
{ ${target}/etc/shadow
LocateLineMatching "^root:.*"
InsertLine "roott::12081:0:99999:7:::"
ReplaceAll "^root::" With "root:${rootpw}:"
ReplaceAll "^roott::" With "roott:${rootpw}:"
}
!MD5::
{ ${target}/etc/passwd
LocateLineMatching "^root:.*"
InsertLine "roott::0:0:root:/root:/usr/bin/tcsh"
ReplaceAll "^root::" With "root:${rootpw}:"
ReplaceAll "^roott::" With "roott:${rootpw}:"
}
and that's works
Andrew Pollock wrote:
>On Tue, Jan 28, 2003 at 11:51:09PM +1100, senaque at thepla.net wrote:
>
>
>>On 28 Jan 2003 at 21:13, Andrew Pollock shaped the electrons to say...
>>
>>
>>
>>>A less kludgey method of enabling MD5 password support is:
>>>
>>>echo "set passwd/md5 true" | chroot /tmp/target debconf-communicate
>>>DEBIAN_FRONTEND=Noninteractive chroot /tmp/target dpkg-reconfigure passwd
>>>
>>>Is there a FAQ for FAI? This MD5 question pops up every now and then...
>>>
>>>Andrew
>>>
>>>
>>Ahh, that is truly fantastic Andrew! I've since reading your e-mail *discovered*
>>debconf... it's incredible! I've found out about debconf-show also (to show what
>>variables I can preconfigure for a any given package that is being installed in non-
>>interactive mode), which is really important for a good FAI setup.
>>
>>
>
>Glad to me of help :-)
>
>
>
>>Quick question: where is the best place to set my debconf variables in relation to FAI?
>>In /fai/scripts/S100 and then list all the packages I want to pre-configure in there or is it
>>better to use a template(per class)? or how/where? I mean it would make more sense
>>to set the package configs prior to installing the package, but I'm not sure if that would
>>break something...I've noticed for example that in /fai/scripts/S20, the fai root
>>password is being set, so this would mean it would be set prior to enabling
>>passwd/md5 or passwd/shadow support (yes, it is also writing to /etc/passwd not
>>/etc/shadow...) though this is easy to change or comment out.
>>
>>
>
>You can always use class specific scripts to set the appropriate
>variables, after the software has been installed, and reconfigure the
>packages then. That's usually how I do it, or you could set them all up
>front I guess, earlier in the piece like you suggest.
>
>
>
>>Lastly, yes there is a FAQ for FAI at /usr/share/doc/fai/FAQ (not on the web) which is
>>installed when you install FAI, although it is rather 'minimal' at this time. I'm sorry I had
>>not realised this topic had been covered previously, though I did make an effort to
>>search the mail-archives for both MD5 and md5 and only found one hit talking about
>>something unrelated.
>>
>>
>
>Hmmm, methinks a web based FAQ could be useful. I'm happy to bang up a
>FAQoMatic if people want to contribute items...
>
>
>
>>My apologies.
>>
>>I'm going to go search this list now for experiences with debconf+FAI as it seems the
>>way to go ;-)
>>
>>
>
>You'll find a few references to it in the archives.
>
>
>
>>Thanks for the help...
>>
>>
>
>No problem.
>
>Andrew
>
>
More information about the linux-fai
mailing list