[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Passwords inside System Configuration

From: Raghav Gururajan
Subject: Re: Passwords inside System Configuration
Date: Tue, 21 Jan 2020 15:45:37 -0500

Hello Giovanni!

> --8<---------------cut here---------------start------------->8---
> (user-account
>   (name "charlie")
>   (group "users")
>   ;; Specify a SHA-512-hashed initial password.
>   (password (crypt "InitialPassword!" "$6$abc")))
> --8<---------------cut here---------------end--------------->8---

Thanks! But how do I do this for 'root' user as well?

> but please read

OOPS! I somehow missed it. Thanks for letting me know.

> You would normally leave this field to #f, initialize user passwords
> as
> root with the passwd command, and then let users change it with
> passwd. Passwords set with passwd are of course preserved across
> reboot
> and reconfiguration.

Yes, but I wanted to do things in declarative way.

> Note: The hash of this initial password will be available in a file
> in
> /gnu/store, readable by all the users, so this method must be used
> with
> care.

I see. But why would it be a concern? It is not feasible to brute-force 
SHA-512 hash right?

> > 3) LUKS Device
> AFAIK it's not possible to provide the passphrase in the system
> configuration, and it's by design :-)

Hmm, I have heard of a way to embed the passphrase in 'initrd'. Do you
know how to do that?

Thank you!


Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]