Date: Fri, 06 Sep 2013 09:55:55 -0700 From: Darren Pilgrim <list_freebsd@bluerosetech.com> To: Aryeh Friedman <aryeh.friedman@gmail.com> Cc: FreeBSD Ports ML <freebsd-ports@freebsd.org> Subject: Re: setting the password of a automatically created account Message-ID: <522A091B.7080407@bluerosetech.com> In-Reply-To: <CAGBxaXnyVyAMcGnbGTHatcgZe8Lc-H4=OenEF0HvPEO4ajgmYA@mail.gmail.com> References: <CAGBxaXnyVyAMcGnbGTHatcgZe8Lc-H4=OenEF0HvPEO4ajgmYA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/5/2013 6:52 PM, Aryeh Friedman wrote: > I have a port that needs to create a a user of a given name and a given > default password... I found in the porters guide how to make the account > but not set the password Because you must not do that. You can't even reliably do that. There are many cases where setting the password via any locally-available method will not work. Some examples: - The site uses LDAP, AD, etc. and the local system does not have the PAM configuration to feed back password changes; - Passwd, pw, etc. are disabled and users may only change their password at a secure portal; - Users may not change their passwords at all; - The system doesn't use user passwords at all. That last is common in in internet-facing servers, where login access is keys-only ssh and/or root-only console as a countermeasure against dictionary attacks. Your port can't detect these policies and can't work around them. The best you can do is include documentation stating what needs access above a login-disabled pseudouser.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?522A091B.7080407>