[lxc-devel] [PATCH v2 3/3] Improve setting the default password in a new container
Michael H. Warfield
mhw at WittsEnd.com
Sat Oct 11 17:24:10 UTC 2014
On Sat, 2014-10-11 at 11:58 +0900, TAMUKI Shoichi wrote:
> Hello,
>
> From: "Michael H. Warfield" <mhw at WittsEnd.com>
> Subject: Re: [lxc-devel] [PATCH v2 3/3] Improve setting the default password in a new container
> Date: Thu, 09 Oct 2014 23:23:30 -0400
>
> > > The default password in a new container is now auto-generated using
> > > phoneme rules and (good) random numbers.
> > >
> > > Even if the default random password is set in a distribution-specific
> > > template and you use the download template to pull a pre-built rootfs
> > > image, you will get the same password every time unless the pre-built
> > > rootfs image is updated.
> > >
> > > So, the default random password in a new container is to be set after
> > > container creation. The user names whose passwords to be changed are
> > > stored in *.chpasswd file which is located at /usr/share/lxc/config.
> > > Each line of the file specifies a user name whose password is to be
> > > changed. If the target *.chpasswd file does not exist, no password is
> > > changed in a new container.
> >
> > This is obviously a festering problem and one that has already been
> > addressed in the Fedora and CentOS templates in a different manner and
> > additional patches have been submitted and under discussion. Did you
> > even bother to read the code in the Fedora and CentOS templates?
> At first, I intended to use the code in the Fedora/CentOS templates,
> but I became aware that the method was available only when using the
> template with '-t' option to lxc-create. It can not be used by non-
> priv users.
That would then be handled by the download template and, iirc, it was
Stéphane's intention to have those containers start with "locked"
accounts and require lxc-attach or something similar to set up.
> > Please immediately table this patch until further discussion can be
> > completed and a consensus achieved.
> Sure, I would like to discuss the approach with the people interested.
Cool.
> Regards,
> TAMUKI Shoichi
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 465 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20141011/0dda4a15/attachment.sig>
More information about the lxc-devel
mailing list