diff options
| author | Samuel Thibault <sthibault@debian.org> | 2010-11-11 23:50:37 +0000 |
|---|---|---|
| committer | Samuel Thibault <sthibault@debian.org> | 2010-11-11 23:50:37 +0000 |
| commit | d76f2f14f32c5152a07ef65928fb918916c02195 (patch) | |
| tree | fc5dee63c21c876bb464c0adb8cd0e4f0a0e7596 /nl | |
| parent | 572f76a8d1b10c26c32bb399a8f41fdb2d03d7cb (diff) | |
| download | installation-guide-d76f2f14f32c5152a07ef65928fb918916c02195.zip | |
* Move user setup to before clock setup in "Automating the installation using preseeding".
Diffstat (limited to 'nl')
| -rw-r--r-- | nl/appendix/preseed.xml | 138 |
1 files changed, 69 insertions, 69 deletions
diff --git a/nl/appendix/preseed.xml b/nl/appendix/preseed.xml index 58608478a..a80fb15d2 100644 --- a/nl/appendix/preseed.xml +++ b/nl/appendix/preseed.xml @@ -944,6 +944,75 @@ d-i mirror/http/proxy string </sect2> + <sect2 id="preseed-account"> + <title>Account setup</title> +<para> + +The password for the root account and name and password for a first regular +user's account can be preseeded. For the passwords you can use either clear +text values or MD5 <emphasis>hashes</emphasis>. + +</para> +<warning><para> + +Be aware that preseeding passwords is not completely secure as everyone +with access to the preconfiguration file will have the knowledge of these +passwords. Using MD5 hashes is considered slightly better in terms of +security but it might also give a false sense of security as access to a +MD5 hash allows for brute force attacks. + +</para></warning> + +<informalexample role="example"><screen> +# Skip creation of a root account (normal user account will be able to +# use sudo). +#d-i passwd/root-login boolean false +# Alternatively, to skip creation of a normal user account. +#d-i passwd/make-user boolean false + +# Root password, either in clear text +#d-i passwd/root-password password r00tme +#d-i passwd/root-password-again password r00tme +# or encrypted using an MD5 hash. +#d-i passwd/root-password-crypted password [MD5 hash] + +# To create a normal user account. +#d-i passwd/user-fullname string Debian User +#d-i passwd/username string debian +# Normal user's password, either in clear text +#d-i passwd/user-password password insecure +#d-i passwd/user-password-again password insecure +# or encrypted using an MD5 hash. +#d-i passwd/user-password-crypted password [MD5 hash] +# Create the first user with the specified UID instead of the default. +#d-i passwd/user-uid string 1010 + +# The user account will be added to some standard initial groups. To +# override that, use this. +#d-i passwd/user-default-groups string audio cdrom video +</screen></informalexample> + +<para> + +The <classname>passwd/root-password-crypted</classname> and +<classname>passwd/user-password-crypted</classname> variables can also +be preseeded with <quote>!</quote> as their value. In that case, the +corresponding account is disabled. This may be convenient for the root +account, provided of course that an alternative method is set up to allow +administrative activities or root login (for instance by using SSH key +authentication or <command>sudo</command>). + +</para><para> + +The following command can be used to generate an MD5 hash for a password: + +<informalexample><screen> +$ printf "r00tme" | mkpasswd -s -m md5 +</screen></informalexample> + +</para> + </sect2> + <sect2 id="preseed-time"> <title>Clock and time zone setup</title> @@ -1215,75 +1284,6 @@ installation. The only questions asked concern the installation of the kernel. </sect2> - <sect2 id="preseed-account"> - <title>Account setup</title> -<para> - -The password for the root account and name and password for a first regular -user's account can be preseeded. For the passwords you can use either clear -text values or MD5 <emphasis>hashes</emphasis>. - -</para> -<warning><para> - -Be aware that preseeding passwords is not completely secure as everyone -with access to the preconfiguration file will have the knowledge of these -passwords. Using MD5 hashes is considered slightly better in terms of -security but it might also give a false sense of security as access to a -MD5 hash allows for brute force attacks. - -</para></warning> - -<informalexample role="example"><screen> -# Skip creation of a root account (normal user account will be able to -# use sudo). -#d-i passwd/root-login boolean false -# Alternatively, to skip creation of a normal user account. -#d-i passwd/make-user boolean false - -# Root password, either in clear text -#d-i passwd/root-password password r00tme -#d-i passwd/root-password-again password r00tme -# or encrypted using an MD5 hash. -#d-i passwd/root-password-crypted password [MD5 hash] - -# To create a normal user account. -#d-i passwd/user-fullname string Debian User -#d-i passwd/username string debian -# Normal user's password, either in clear text -#d-i passwd/user-password password insecure -#d-i passwd/user-password-again password insecure -# or encrypted using an MD5 hash. -#d-i passwd/user-password-crypted password [MD5 hash] -# Create the first user with the specified UID instead of the default. -#d-i passwd/user-uid string 1010 - -# The user account will be added to some standard initial groups. To -# override that, use this. -#d-i passwd/user-default-groups string audio cdrom video -</screen></informalexample> - -<para> - -The <classname>passwd/root-password-crypted</classname> and -<classname>passwd/user-password-crypted</classname> variables can also -be preseeded with <quote>!</quote> as their value. In that case, the -corresponding account is disabled. This may be convenient for the root -account, provided of course that an alternative method is set up to allow -administrative activities or root login (for instance by using SSH key -authentication or <command>sudo</command>). - -</para><para> - -The following command can be used to generate an MD5 hash for a password: - -<informalexample><screen> -$ printf "r00tme" | mkpasswd -s -m md5 -</screen></informalexample> - -</para> - </sect2> - <sect2 id="preseed-apt"> <title>Apt setup</title> <para> |