[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
04/09: doc: Better explain the 'password' field of <user-account>.
From: |
guix-commits |
Subject: |
04/09: doc: Better explain the 'password' field of <user-account>. |
Date: |
Mon, 4 Mar 2019 09:24:16 -0500 (EST) |
civodul pushed a commit to branch master
in repository guix.
commit c483c5c82c129b51ef6068fad3d3f0fbca1f5df1
Author: Ludovic Courtès <address@hidden>
Date: Mon Mar 4 13:55:41 2019 +0100
doc: Better explain the 'password' field of <user-account>.
* doc/guix.texi (User Accounts): Provide an example use of 'crypt', and
mention the security implications.
---
doc/guix.texi | 29 ++++++++++++++++++++++++-----
1 file changed, 24 insertions(+), 5 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 9fb5cff..7fcfcb1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -10695,6 +10695,7 @@ account. System accounts are sometimes treated
specially; for instance,
graphical login managers do not list them.
@anchor{user-account-password}
address@hidden password, for user accounts
@item @code{password} (default: @code{#f})
You would normally leave this field to @code{#f}, initialize user
passwords as @code{root} with the @command{passwd} command, and then let
@@ -10702,11 +10703,29 @@ users change it with @command{passwd}. Passwords set
with
@command{passwd} are of course preserved across reboot and
reconfiguration.
-If you @emph{do} want to have a preset password for an account, then
-this field must contain the encrypted password, as a string.
address@hidden,,, libc, The GNU C Library Reference Manual}, for more
information
-on password encryption, and @ref{Encryption,,, guile, GNU Guile Reference
-Manual}, for information on Guile's @code{crypt} procedure.
+If you @emph{do} want to set an initial password for an account, then
+this field must contain the encrypted password, as a string. You can use the
address@hidden procedure for this purpose:
+
address@hidden
+(user-account
+ (name "charlie")
+ (home-directory "/home/charlie")
+ (group "users")
+
+ ;; Specify a SHA-512-hashed initial password.
+ (password (crypt "InitialPassword!" "$6$abc")))
address@hidden example
+
address@hidden Note
+The hash of this initial password will be available in a file in
address@hidden/gnu/store}, readable by all the users, so this method must be
used with
+care.
address@hidden quotation
+
address@hidden Storage,,, libc, The GNU C Library Reference Manual}, for
+more information on password encryption, and @ref{Encryption,,, guile, GNU
+Guile Reference Manual}, for information on Guile's @code{crypt} procedure.
@end table
@end deftp
- branch master updated (3a0baba -> c364481), guix-commits, 2019/03/04
- 01/09: tests: Use non-deprecated (guix store) API., guix-commits, 2019/03/04
- 04/09: doc: Better explain the 'password' field of <user-account>.,
guix-commits <=
- 06/09: environment: Rename '--inherit' to '--preserve'., guix-commits, 2019/03/04
- 02/09: activation: Make home directories #o700 by default., guix-commits, 2019/03/04
- 05/09: environment: Remove deprecated -E/--exec option., guix-commits, 2019/03/04
- 07/09: gnu: emacs: Add modules support., guix-commits, 2019/03/04
- 09/09: gnu: Add arcan-sdl., guix-commits, 2019/03/04
- 08/09: gnu: Add arcan., guix-commits, 2019/03/04
- 03/09: services: Use 'file-append' for user account shells., guix-commits, 2019/03/04