[poky] Default root password without 'debug-tweaks'?

Bryan Evenson bevenson at melinkcorp.com
Thu Aug 1 08:27:48 PDT 2013 

All,

I'm having some issues with setting the root password.  My image is based off of core-image-minimal, which uses TinyLogin for password management.  First, I tried getting the encrypted password by setting root's password and seeing what it looked like in /etc/shadow.  However, it looks like more information than what is shown in /etc/shadow is used to encrypt the password, because the encrypted password is different each time.

For example, I have a new image that created with 'debug-tweaks' on, so root has a blank password.  From /etc/shadow:

root::15918:0:99999:7:::

showing root has no password.  If I change root's password to "password", I get:

root:bZMfmHD5uJ3l6:15918:0:99999:7:::

If I change root's password to "password" again, I get:

root:CiwTL1eJx70ps:15918:0:99999:7:::

So at this time I do not know how to get the encrypted password.  And also related to the password, it looks like TinyLogin limits the password to 8 characters.  You can type something more than 8 characters for your password, but it will only use the first 8 characters.  I'd like to be able to use a slightly stronger password.  So my questions are:

* Is there a different password manager package that I can use that doesn't have the 8 character limit?  I see that Busybox has password management, but I don't yet know if it has the same limitation.
* If there is another one to use, how do I ensure TinyLogin is not installed?
* With the other password manager, how do I get the encrypted password to insert in the EXTRA_USER_PARAMS feature?
* The TinyLogin package is using the source code that was last updated in 2003, and the TinyLogin web page as directed from the package script states: "TinyLogin was merged into BusyBox, current sources can thus be checked out via BusyBox."  Should the TinyLogin package be removed from core-image-minimal and BusyBox password management turned on to use more recent sources?

Regards,
Bryan

> -----Original Message-----
> From: poky-bounces at yoctoproject.org [mailto:poky-
> bounces at yoctoproject.org] On Behalf Of ChenQi
> Sent: Friday, July 26, 2013 1:44 AM
> To: poky at yoctoproject.org
> Subject: Re: [poky] Default root password without 'debug-tweaks'?
> 
> On 07/25/2013 08:28 PM, Bryan Evenson wrote:
> > Paul,
> >
> > >From looking at the patch series Chen Qi recently posted about the
> > EXTRA_USER_PARAMS, one could do the following in your local.conf:
> >
> > require conf/distro/include/security_flags.inc
> The above line is not needed for this feature.
> 
> > INHERIT += "extrausers"
> > EXTRA_USERS_PARAMS = "\
> >      usermod -p 'encrypted_password' root; \ "
> >
> > If I understand correctly, that should change the root password to
> the
> > listed encrypted password.  But that still leaves the problem of
> > getting the encrypted root password.  Changing the password on the
> > hardware and then viewing the encrypted password under /etc/shadow is
> > a little messy,
> That's the way I used when testing this feature. As we're creating an
> image, this method is acceptable for me.
> 
> >   but I'm at a loss for a better
> > solution that is guaranteed to work.  You could use crypt or mcrypt
> to
> > encrypt a file containing the password in plaintext on the host, but
> > you have to know the encryption algorithm used on the target
> > filesystem.
> If you find one, please let me know. Thanks.
> 
> > If anyone knows of a better way to create the encrypted password that
> > would be used by the target, I'm open to suggestions.
> >
> > Thanks,
> > Bryan
> Just to be clear, use the way of copying files is not acceptable, as
> there are some directories related to user setting such as the user's
> home directory and mail directory. And these files should also be
> handled correctly.
> 
> Best Regards,
> Chen Qi
> 
> >
> >> -----Original Message-----
> >> From: Paul Eggleton [mailto:paul.eggleton at linux.intel.com]
> >> Sent: Thursday, July 25, 2013 8:01 AM
> >> To: Bryan Evenson
> >> Cc: poky at yoctoproject.org
> >> Subject: Re: [poky] Default root password without 'debug-tweaks'?
> >>
> >> On Thursday 25 July 2013 07:53:20 Bryan Evenson wrote:
> >>> Thank you for the explanation.  And just earlier this morning, I
> >> found
> >>> this description of how to change the root password for an image:
> >>> http://bec-systems.com/site/967/setting-the-root-password-in-an-
> >> openem
> >>> bedded
> >>> -image.
> >>>
> >>> If this would be a suggested method of performing the task, I could
> >>> write a patch for the documentation to add the details about the
> >>> root account being locked and the suggested method for modifying
> the
> >>> root password.  If you could point me to a good place to add this
> >>> detail, I'll send out a patch.
> >> Hmm, that method does seem a bit messy though. Ideally there would
> be
> >> a simple method available that didn't require you to boot the target
> >> system. Presumably it wouldn't be too hard to do it using tools on
> >> the host.
> >>
> >> Cheers,
> >> Paul
> >>
> >> --
> >>
> >> Paul Eggleton
> >> Intel Open Source Technology Centre
> > _______________________________________________
> > poky mailing list
> > poky at yoctoproject.org
> > https://lists.yoctoproject.org/listinfo/poky
> >
> >
> 
> _______________________________________________
> poky mailing list
> poky at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/poky

More information about the poky mailing list