Passwords in FAI (Was: Re: Copy directories with fcopy)

Henning Glawe glaweh at physik.fu-berlin.de
Thu Jan 13 13:42:04 CET 2005


On Thu, Jan 13, 2005 at 02:23:37PM +0200, Markus T�rnqvist wrote:
> On Wed, Jan 12, 2005 at 07:05:26PM +0100, Henning Glawe wrote:
> >1) copying passwd is not a good idea: it contains many dynamic entries
> >   generated by packages (and thus changes quite often)
> 
> Well, in this case it's pretty much a good idea :)
> I'd like to company sysadmin team to be able to log in, if they
> change their passwords, it's not an installation problem.
>
> Customer accounts are added manually afterwards in either case.

but if you install software, the passwd tends to change already: packages
such as ssh create users and/or groups, and the order in which the
installation happens determines the uids; if you later install a non-matching
/etc/passwd, the permissions in the filesystem are garbled.

thats why I use a script to add the necessary account(s) using 'adduser' and
postprocess /etc/passwd afterwards to insert the correct password hashes.

> >2) unless you run fcopy recursively somewhere you need to call it for each
> >   file.
> 
> I made a script like USERS/S666 or something to write the files but
> there's a new problem.
> 
> It doesn't authenticate, no matter what.
> I compared the PAM configuration and all's the same there as on the
> install server, as well as the file contents and permissions.
> 
> Must I enable crypts manually somewhere? In which format is the
> default root password after fai? 16-bit MD5?

this depends on the configuration you are using. try to check $FAI/scripts/*
for things messing around with the passwords...
One quick idea: maybe it is a problem with shadow passwords: if they are
enabled, password hashes are in /etc/shadow and not in /etc/passwd...

-- 
c u
henning



More information about the linux-fai mailing list