[lxc-users] credentials for fedora container

Francisco listas at caraotas.net
Fri Dec 27 12:39:16 UTC 2013


I'm quite new to lxc, but did you try chrooting into the rootfs and simply
running passwd to reset it?

Cheers,
Francisco.


On Thu, Dec 26, 2013 at 10:57 AM, Michael H. Warfield <mhw at wittsend.com> wrote:

> On Thu, 2013-12-26 at 07:16 -0800, Alan Hewson wrote:
> > On Wed, Dec 25, 2013 at 08:55:50PM -0500, Michael H. Warfield wrote:
> > > On Wed, 2013-12-25 at 20:13 -0500, Leonid Isaev wrote:
> > > > On Wed, 25 Dec 2013 19:17:19 -0500
> > > > "Michael H. Warfield" <mhw at WittsEnd.com> wrote:
> > > >
> > > > > On Wed, 2013-12-25 at 13:19 -0500, Leonid Isaev wrote:
> > > > > > On Wed, 25 Dec 2013 10:17:20 -0500
> > > > > > "Michael H. Warfield" <mhw at WittsEnd.com> wrote:
> > > > >
> > > > > > > > In that case, you definitely need to go with 1.0.0-beta1 or
> > > > > > > > better.  I
> > > > > >
> > > > > > > is there anything special in the template that expects lxc-start
> > > > > > > 1.0.0, or one can simply download the template and run it as a bash
> > > > > > > script, and keep lxc 0.9.0?
> > > > > >
> > > > > > Nope.  If you have a fully configured template from 1.0.0-beta1 and it
> > > > > > should work perfectly fine on what you have.
> > > > > >
> > > > > > > > just did the same thing and root/root worked (we've got to figure out
> > > > > > > > something better there)
> > > > > >
> > > > > > > What about generating a random passwd from /dev/random, e.g.
> > > > > > > root_password="$(tr -cd '[:graph:]' < /dev/random | head -c 15)", echo
> > > > > > > $root_password to stdout and prompt the user to take note/change it on
> > > > > > > 1st login?
> > > > >
> > > > > I'm working on something now.  I've already submitted a strawman
> > > > > proposal to the lxc-devel list for a root password like this:
> > > > >
> > > > > Root-${Container_Name}-${RANDOM}
> > > > >
> > > > > We'll see.
> > > >
> > > > Ah, sorry, I did not see that email...
> > >
> > > Understandable.  That was on the lxc-devel list and this is on the
> > > lxc-users list.  They don't (always) overlap.  I'm proposing a change
> > > for these templates (and Dwight has to chime in on the Oracle template)
> > > and soliciting discussion.
> > >
> > > > I'll try to do something similar for the
> > > > archlinux template (it has an empty root password by default).
> > >
> > > And that's really bad if you have remote access enabled.
> > >
> > > > > Also, as long as fedora/centos/oracle (not sure if that file exists in
> > > > > debian/ubuntu) are concerned, perhaps one can use host's /etc/machine-id
> > > > > as a ${RANDOM} part of the password. It is of course weaker than a random
> > > > > string but still no secrets are shipped in the template and at least an
> > > > > admin won't be accidentally locked out of a remotely-generated container...
> > >
> > > > Well, there's three parts to that...  One is the root (sic) "Root".
> > > > Then you have the ${Container_name} like TwiddleDee.  Then you have a
> > > > 2^15 random number from ${RANDOM} (is that only a bashism???).
> > >
> > > So...  A new root password for TwiddleDee would be something like...
> > >
> > > Root-TwiddleDee-25984
> > >
> > > With warnings to record it and change it.
> > >
>
> > I believe you can set passwd as "-e expired" forcing change at login.
>
> That's an interesting thought as well.
>
> > charles
>
> Regards,
> Mike
>
> > > Not great but better than what we have and it can easily (as always) be
> > > changed from the host.
> > >
> > > > Thanks,
> > > > Leonid.
> > >
> > > Regards,
> > > Mike
> > >
> > > > >
> > > > > > >
> > > > > > > Regards,
> > > > > > > Mike
> > > > > > >
> > > > > >
> > > > > > Cheers,
> > > > > > Leonid.
> > > > >
> > > > > Regards,
> > > > > Mike
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > lxc-users mailing list
> > > > lxc-users at lists.linuxcontainers.org
> > > > http://lists.linuxcontainers.org/listinfo/lxc-users
> > >
> > > --
> > > Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
> > >    /\/\|=mhw=|\/\/          | (678) 463-0932 |
> http://www.wittsend.com/mhw/
> > >    NIC whois: MHW9          | An optimist believes we live in the best
> of all
> > >  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of
> it!
> > >
>
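
Added example, not part of the original thread and not the LXC templates' own code: one way to combine the ideas discussed above, a random root password set from the host through a chroot into the rootfs and expired so it must be changed at first login. The function names are hypothetical, /dev/urandom is used in place of /dev/random so the read cannot block, and `chpasswd` and `passwd -e` are assumed to be installed inside the container rootfs.

```shell
#!/bin/sh
# Added example: random, pre-expired root password for a container rootfs.
# Function names are hypothetical; run as root on the host.

# gen_password [LENGTH]
# Print LENGTH printable, non-space ASCII characters drawn from the kernel
# CSPRNG. 15 characters from the 94-symbol [:graph:] set give roughly 98 bits,
# against the 15 bits that ${RANDOM} contributes to Root-<name>-<number>.
gen_password() {
    _len="${1:-15}"
    LC_ALL=C tr -cd '[:graph:]' < /dev/urandom | head -c "$_len"
}

# set_root_password ROOTFS PASSWORD
# Set root's password inside ROOTFS and mark it expired.
set_root_password() {
    _rootfs="$1"
    _pw="$2"
    [ -d "$_rootfs/etc" ] || { echo "no rootfs at $_rootfs" >&2; return 1; }
    # chpasswd reads "user:password" on stdin, so the password never shows
    # up in a process argument list on the host.
    printf 'root:%s\n' "$_pw" | chroot "$_rootfs" chpasswd || return 1
    # Expire the password so the first login is forced to pick a new one.
    chroot "$_rootfs" passwd -e root
}

# provision_root NAME ROOTFS
# Generate, apply and report a temporary root password for container NAME.
provision_root() {
    _new="$(gen_password 15)" || return 1
    [ "${#_new}" -eq 15 ] || { echo "short read from /dev/urandom" >&2; return 1; }
    set_root_password "$2" "$_new" || return 1
    printf 'Container %s: temporary root password is %s\n' "$1" "$_new"
    printf 'It is expired and must be changed at first login.\n'
}

# Stand-alone use: sh this-script NAME ROOTFS
if [ "$#" -eq 2 ]; then
    provision_root "$1" "$2"
fi
```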

