Set pre-encrypted passwords for users
Axel Freyn
axel-freyn at gmx.de
Sat Apr 3 13:46:39 CEST 2010
Hi Christian,
>
> > For sure, one reason for /etc/shadow is to prevent exactly that, but
> > during a FAI-installation, I see much more serious security concerns
> > (well: if you don't trust the network during the installations...):
>
> [snip]
>
> Trre. Things you point out are valid. Still...
>
> If one can do it right (with very little extra effort) from the beginning,
> why not do it? Especially when the "solution" is distributed to a
> relatively large audience. It may also serve as a proper example (cut &
> paste is a wide spread programming "method"). If the wheel is already
> invented, what's the gain in ignoring that fact?
I agree: IF it is possible with "very little effort" ;-) The only
danger I see is that this might create a false feeling of security
("Just look how secure the process is - it's even impossible to read the
encrypted passwords") - while some other possible attacks might be
ignored. But of course: If the choice is to do this right or not - then
it's better to do it right;-)
Axel
More information about the linux-fai
mailing list