[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Debian packages and Bruce Hohl Install
- Subject: Re: Debian packages and Bruce Hohl Install
- From: John Hasler <..hidden..>
- Date: Wed, 13 Dec 2006 11:32:18 -0600
Chris Travers wrote:
> Currently the thinking is that we don't want to set the system up with
> default passwords which would allow anyone a window into accessing the
> applicaiton remotely. Making it "just work" on installation is
> unfortunately at odds with that idea.
On Linux that problem is easily solved by creating a unique default
password during installation. I have done this in the Debian Chrony
package. Works well. Here is the relevant part of the postinst:
# As this a new install generate a key. Remove any keyfile left by a failed install.
rm -rf /etc/chrony/chrony.keys
KEYFILE=`tempfile -m 640 -n /etc/chrony/chrony.keys`
PASSWORD=`head -c 8 /dev/urandom | tr '\0-\377' 'a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9@@@@####'`
echo "1 $PASSWORD" > $KEYFILE
MAILPASSWORD="The password for chronyc is in $KEYFILE."
# And tell root about the key and the rtc setting.
if `which /usr/bin/mail > /dev/null`; then
/usr/bin/mail -s "Chrony" root <<EOF
$MAILPASSWORD
$MAILUTC
In the chrony.conf included in this package:
Chrony has been configured on the assumption that you are using either a dialup
connection or a PPPoE DSL connection. It will be brought online when PPP
comes up and offline when it goes down. If this is not correct you should edit
/etc/chrony/chrony.conf. The comments explain what to do. For more
information on configuring Chrony use the command 'info chrony'.
You can also change the default time servers in /etc/chrony/chrony.conf.
Updating of the real-time clock has been enabled but some systems that use
either the genrtc driver or have HPET hardware clocks have problems. To
disable real-time clock updating edit /etc/chrony/chrony.conf. The
comments explain what to do.
EOF
--
John Hasler
..hidden..
Elmwood, WI USA