[lxc-users] credentials for fedora container

Leonid Isaev lisaev at umail.iu.edu
Thu Dec 26 01:13:49 UTC 2013 

On Wed, 25 Dec 2013 19:17:19 -0500
"Michael H. Warfield" <mhw at WittsEnd.com> wrote:

> On Wed, 2013-12-25 at 13:19 -0500, Leonid Isaev wrote: 
> > On Wed, 25 Dec 2013 10:17:20 -0500
> > "Michael H. Warfield" <mhw at WittsEnd.com> wrote:
> 
> > > In that case, you definitely need to go with 1.0.0-beta1 or better.  I
> 
> > is there anything special in the template that expects lxc-start 1.0.0, or
> > one can simply download the template and run it as a bash script, and keep
> > lxc 0.9.0?
> 
> Nope.  If you have a fully configured template from 1.0.0-beta1 and it
> should work perfectly fine on what you have.
> 
> > > just did the same thing and root/root worked (we've got to figure out
> > > something better there)
> 
> > What about generating a random passwd from /dev/random, e.g.
> > root_password="$(tr -cd '[:graph:]' < /dev/random | head -c 15)", echo
> > $root_password to stdout and prompt the user to take note/change it on 1st
> > login?
> 
> I'm working on something now.  I've already submitted a strawman
> proposal to the lxc-devel list for a root password like this:
> 
> Root-${Container_Name}-${RANDOM}
> 
> We'll see.

Ah, sorry, I did not see that email... I'll try to do something similar for the
archlinux template (it has an empty root password by default).

Also, as long as fedora/centos/oracle (not sure if that file exists in
debian/ubuntu) are concerned, perhaps one can use host's /etc/machine-id as a
${RANDOM} part of the password. It is of course weaker than a random string
but still no secrets are shipped in the template and at least an admin won't
be accidently locked out of a remotely-generated container...

Thanks,
Leonid.

> 
> > > 
> > > Regards,
> > > Mike
> > > 
> > 
> > Cheers,
> > Leonid.
> 
> Regards,
> Mike



-- 
Leonid Isaev
GnuPG key: 0x164B5A6D
Fingerprint: C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20131225/e012a20e/attachment.pgp>

More information about the lxc-users mailing list