Hide password or Prompt for password
Prunk Dump
prunkdump at gmail.com
Sat Feb 1 09:43:57 CET 2014
> On Fri, 2014-01-31 at 10:48 +0100, Prunk Dump wrote:
>
>> So is there a way to send the "samba4password" securely to the clients
>> ? This is the main samba root password !
>
> A couple of years ago, there was a discussion on this list about sending
> secret information (such as crypto keys and passowrds) to FAI clients
> during install. Search the archives.
>
> IIRC, the conclusion was that because all information (including any
> keys and passwords to access other keys and passwords) must come to the
> client via network, there is no 100% secure way of delivering that
> information. However, several good alternatives were proposed, such as
> single-use access to the secrets with logging of all transfers, or using
> an out-of-band data transfer medium, such as a USB stick.
>
>> Ideally, is this possible to be prompted for this password by FAI when
>> installing the clients ?
>>
>> Or it is possible to send a ssh command from the server when the
>> clients wait for reboot ? Is there a way to get the list of there
>> waiting clients ?
>
> Both of these are possible with some scripting (hooks). For monitoring
> of progress, check out faimond. There is also a GUI available
> (faimond-gui) if you prefer.
>
> Regards,
>
> Toomas Tamm
Thank you very much for your help !
It's true that there is no 100% secure way to send passwords to
clients ! But SSH key are very secure and they are greatly sufficient
for my network.
2014-01-31 John G. Heim <jheim at math.wisc.edu>:
>
>
>> Ideally, is this possible to be prompted for this password by FAI when
>> installing the clients ?
>
>
> You can do this by reading from /dev/console.
>
> Here is a perl code segment that does more than just what you're asking
> about.
In fact, my first question was not very clear. I would like to be
prompted for passwords on the FAI server, and if it's possible, just
one time. I'm searching a way to make the clients waiting for this
input from the Fai server.
Maybe I can make a server script that :
-> Query the samba4 password on the server
-> Read the the output of faimond
-> each time a client finish, send a "ssh -c net ads join ......"
-> send a "ssh -c reboot"
Is there a simpler method to do this ?
Thank you again ! Toomas, John,
Baptiste.
More information about the linux-fai
mailing list