Hide password or Prompt for password

Toomas Tamm tt-fai at kky.ttu.ee
Fri Jan 31 11:25:30 CET 2014


On Fri, 2014-01-31 at 10:48 +0100, Prunk Dump wrote:

> So is there a way to send the "samba4password" securely to the clients
> ? This is the main samba root password !

A couple of years ago, there was a discussion on this list about sending
secret information (such as crypto keys and passowrds) to FAI clients
during install. Search the archives.

IIRC, the conclusion was that because all information (including any
keys and passwords to access other keys and passwords) must come to the
client via network, there is no 100% secure way of delivering that
information. However, several good alternatives were proposed, such as
single-use access to the secrets with logging of all transfers, or using
an out-of-band data transfer medium, such as a USB stick.

> Ideally, is this possible to be prompted for this password by FAI when
> installing the clients ?
> 
> Or it is possible to send a ssh command from the server when the
> clients wait for reboot ? Is there a way to get the list of there
> waiting clients ?

Both of these are possible with some scripting (hooks). For monitoring
of progress, check out faimond. There is also a GUI available
(faimond-gui) if you prefer.

Regards,

Toomas Tamm


More information about the linux-fai mailing list