[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Passwords inside System Configuration
From: |
Raghav Gururajan |
Subject: |
Re: Passwords inside System Configuration |
Date: |
Tue, 21 Jan 2020 15:45:37 -0500 |
Hello Giovanni!
> --8<---------------cut here---------------start------------->8---
> (user-account
> (name "charlie")
> (group "users")
>
> ;; Specify a SHA-512-hashed initial password.
> (password (crypt "InitialPassword!" "$6$abc")))
> --8<---------------cut here---------------end--------------->8---
Thanks! But how do I do this for 'root' user as well?
> but please read
> https://guix.gnu.org/manual/en/html_node/User-Accounts.html#user_002daccount_002dpassword
OOPS! I somehow missed it. Thanks for letting me know.
> You would normally leave this field to #f, initialize user passwords
> as
> root with the passwd command, and then let users change it with
> passwd. Passwords set with passwd are of course preserved across
> reboot
> and reconfiguration.
Yes, but I wanted to do things in declarative way.
> Note: The hash of this initial password will be available in a file
> in
> /gnu/store, readable by all the users, so this method must be used
> with
> care.
I see. But why would it be a concern? It is not feasible to brute-force
SHA-512 hash right?
> > 3) LUKS Device
>
> AFAIK it's not possible to provide the passphrase in the system
> configuration, and it's by design :-)
Hmm, I have heard of a way to embed the passphrase in 'initrd'. Do you
know how to do that?
Thank you!
Regards,
RG.
signature.asc
Description: This is a digitally signed message part