[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Debian packages and Bruce Hohl Install

Chris Travers wrote:
> Currently the thinking is that we don't want to set the system up with
> default passwords which would allow anyone a window into accessing the
> applicaiton remotely.  Making it "just work" on installation is
> unfortunately at odds with that idea.

On Linux that problem is easily solved by creating a unique default
password during installation.  I have done this in the Debian Chrony
package.  Works well.  Here is the relevant part of the postinst:

# As this a new install generate a key.  Remove any keyfile left by a failed install.
    rm -rf /etc/chrony/chrony.keys
    KEYFILE=`tempfile -m 640 -n /etc/chrony/chrony.keys`
    PASSWORD=`head -c 8 /dev/urandom | tr '\0-\377' 'a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9@@@@####'`
    echo "1 $PASSWORD" > $KEYFILE
    MAILPASSWORD="The password for chronyc is in $KEYFILE."

# And tell root about the key and the rtc setting.
    if `which /usr/bin/mail > /dev/null`; then
        /usr/bin/mail -s "Chrony" root <<EOF



In the chrony.conf included in this package:

Chrony has been configured on the assumption that you are using either a dialup
connection or a PPPoE DSL connection.  It will be brought online when PPP
comes up and offline when it goes down.  If this is not correct you should edit
/etc/chrony/chrony.conf.  The comments explain what to do.  For more
information on configuring Chrony use the command  'info chrony'.

You can also change the default time servers in  /etc/chrony/chrony.conf.

Updating of the real-time clock has been enabled but some systems that use
either the genrtc driver or have HPET hardware clocks have problems.  To
disable real-time clock updating edit /etc/chrony/chrony.conf.  The
comments explain what to do.


John Hasler 
Elmwood, WI USA