New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change default password on Cumulus switch #3743
Comments
hi @mattaezell , so you want to create a postscript to update/create password field in /etc/shadow, this script can be invoked as postscript during os provision or I have several questions on your proposal:
|
Hi @immarvin. Yes, I think are correct with my intentions.
|
hi @mattaezell , any update on this?thx |
@immarvin Unfortunately, I haven't had the time to work on this yet. |
ok, since we are working on the release process for 2.13.7, I will move the target to next release, is it ok? |
Sure, but I will try to get this in place before we provision our Summit switches. |
Security policy requires us to change the password for the cumulus user to be non-default.
I propose a generic postscript solution that can change passwords in /etc/shadow on systems running linux (compute nodes, Cumulus switches, OpenBMC, etc). This would also be useful for us after installation, since we have to change our passwords from time to time. We probably want all the passwords salted+hashed in the passwd table and copied over on-demand similar to the getipmi script in Genesis (we probably don't want the hashed passwords left in mypostscript).
I'm willing to work on implementation if the xCAT developers agree this is the best way to handle this.
The text was updated successfully, but these errors were encountered: