Re: automatic password generation
john@dhh.gt.org writes:
> Chrony (essentially an xntp3 clone) includes two binaries: a daemon that
> runs as root and a control program that runs in user space. To perform
> certain operations the user running the control program must provide a
> password which is stored in a file readable only by root. I want the
> chrony package to install in a configuration that will "just work" on most
> systems. To do that I must put a password in that file. I don't want to
> put in a default password as most users will not change it, but I don't
> want to go to an interactive postinst either. A solution I came up with is
> to generate and install a unique random password in the postinst.
>
> IS this ok with policy? Am I missing any obvious problems?
I'm just curious - how are you going to do this? The best way I came
up with was:
PASS=`head --bytes=16 /dev/urandom | md5sum`
I'm certain you could use od instead of md5sum, but I doubt it looks
as simple as this. (Oh and I suppose people can argue about
/dev/random vs. /dev/urandom, but for your purposes /dev/urandom
should be fine - also note that /dev/random might cause the process to
freeze temporarily if the entropy pool has been depleted).
Reply to: