setting the password of a automatically created account
Darren Pilgrim
list_freebsd at bluerosetech.com
Fri Sep 6 16:56:33 UTC 2013
On 9/5/2013 6:52 PM, Aryeh Friedman wrote:
> I have a port that needs to create a a user of a given name and a given
> default password... I found in the porters guide how to make the account
> but not set the password
Because you must not do that. You can't even reliably do that. There
are many cases where setting the password via any locally-available
method will not work. Some examples:
- The site uses LDAP, AD, etc. and the local system does not have the
PAM configuration to feed back password changes;
- Passwd, pw, etc. are disabled and users may only change their password
at a secure portal;
- Users may not change their passwords at all;
- The system doesn't use user passwords at all.
That last is common in in internet-facing servers, where login access is
keys-only ssh and/or root-only console as a countermeasure against
dictionary attacks.
Your port can't detect these policies and can't work around them. The
best you can do is include documentation stating what needs access above
a login-disabled pseudouser.
More information about the freebsd-ports
mailing list