Re: Passwords inside System Configuration

[Raghav Gururajan]

Hello Giovanni!

> --8<---------------cut here---------------start------------->8---
> (user-account
>   (name "charlie")
>   (group "users")
> 
>   ;; Specify a SHA-512-hashed initial password.
>   (password (crypt "InitialPassword!" "$6$abc")))
> --8<---------------cut here---------------end--------------->8---

Thanks! But how do I do this for 'root' user as well?

> but please read
> https://guix.gnu.org/manual/en/html_node/User-Accounts.html#user_002daccount_002dpassword

OOPS! I somehow missed it. Thanks for letting me know.

> You would normally leave this field to #f, initialize user passwords
> as
> root with the passwd command, and then let users change it with
> passwd. Passwords set with passwd are of course preserved across
> reboot
> and reconfiguration.

Yes, but I wanted to do things in declarative way.

> Note: The hash of this initial password will be available in a file
> in
> /gnu/store, readable by all the users, so this method must be used
> with
> care.

I see. But why would it be a concern? It is not feasible to brute-force 
SHA-512 hash right?

> > 3) LUKS Device
> 
> AFAIK it's not possible to provide the passphrase in the system
> configuration, and it's by design :-)

Hmm, I have heard of a way to embed the passphrase in 'initrd'. Do you
know how to do that?

Thank you!

Regards,
RG.

signature.asc
Description: This is a digitally signed message part