Re: Passwords in FAI (Was: Re: Copy directories with fcopy)
> On Thu, 13 Jan 2005 14:23:37 +0200, [EMAIL PROTECTED] (Markus Törnqvist) > said: > Must I enable crypts manually somewhere? In which format is the > default root password after fai? 16-bit MD5? Password are normal crypt password without using /etc/shadow. This will change in fai 2.6.6 (comming soon). Have a look at scripts/LAST in fai 2.6.6 -- regards Thomas
Re: Passwords in FAI (Was: Re: Copy directories with fcopy)
On Thu, Jan 13, 2005 at 02:23:37PM +0200, Markus TXrnqvist wrote: > On Wed, Jan 12, 2005 at 07:05:26PM +0100, Henning Glawe wrote: > >1) copying passwd is not a good idea: it contains many dynamic entries > > generated by packages (and thus changes quite often) > > Well, in this case it's pretty much a good idea :) > I'd like to company sysadmin team to be able to log in, if they > change their passwords, it's not an installation problem. What about having a locked root password and installing your sysadmin public ssh keys instead? > Customer accounts are added manually afterwards in either case. On the YP server, we run a script to extract user accounts (strip everything with UID below 1000) and upload this to FAIconfig CVS periodically... It's still work in progress, but it's quite close: http://pandora.aei.mpg.de/cgi-bin/viewcvs.cgi/faiconfig/ Of course, hints are welcome... Cheers, Steffen
Re: Passwords in FAI (Was: Re: Copy directories with fcopy)
On Thu, Jan 13, 2005 at 02:23:37PM +0200, Markus Tïrnqvist wrote: > On Wed, Jan 12, 2005 at 07:05:26PM +0100, Henning Glawe wrote: > >1) copying passwd is not a good idea: it contains many dynamic entries > > generated by packages (and thus changes quite often) > > Well, in this case it's pretty much a good idea :) > I'd like to company sysadmin team to be able to log in, if they > change their passwords, it's not an installation problem. > > Customer accounts are added manually afterwards in either case. but if you install software, the passwd tends to change already: packages such as ssh create users and/or groups, and the order in which the installation happens determines the uids; if you later install a non-matching /etc/passwd, the permissions in the filesystem are garbled. thats why I use a script to add the necessary account(s) using 'adduser' and postprocess /etc/passwd afterwards to insert the correct password hashes. > >2) unless you run fcopy recursively somewhere you need to call it for each > > file. > > I made a script like USERS/S666 or something to write the files but > there's a new problem. > > It doesn't authenticate, no matter what. > I compared the PAM configuration and all's the same there as on the > install server, as well as the file contents and permissions. > > Must I enable crypts manually somewhere? In which format is the > default root password after fai? 16-bit MD5? this depends on the configuration you are using. try to check $FAI/scripts/* for things messing around with the passwords... One quick idea: maybe it is a problem with shadow passwords: if they are enabled, password hashes are in /etc/shadow and not in /etc/passwd... -- c u henning
Passwords in FAI (Was: Re: Copy directories with fcopy)
On Wed, Jan 12, 2005 at 07:05:26PM +0100, Henning Glawe wrote: >1) copying passwd is not a good idea: it contains many dynamic entries > generated by packages (and thus changes quite often) Well, in this case it's pretty much a good idea :) I'd like to company sysadmin team to be able to log in, if they change their passwords, it's not an installation problem. Customer accounts are added manually afterwards in either case. >2) unless you run fcopy recursively somewhere you need to call it for each > file. I made a script like USERS/S666 or something to write the files but there's a new problem. It doesn't authenticate, no matter what. I compared the PAM configuration and all's the same there as on the install server, as well as the file contents and permissions. Must I enable crypts manually somewhere? In which format is the default root password after fai? 16-bit MD5? So close yet so far ;) Thanks! -- mjt