Javier Palacios wrote: The RPM install of course will not ask for the password. /usr/bin/cobbler-setup is just a tool to run that sets up your modules.conf and settings file for you, after RPM install. I would prefer to ask in that case, doing something automatically would be non-obvious and probably not correct for most folks. I definitely don't want my main install server to have the same root password as every machine in my datacenter. The /usr/bin/cobbler-setup tool asking is a good idea, "cobbler check" will still warn if folks set things up manually. --Michael

Dustin Black wrote: The issue I have is that I don't think all of our users are clueful enough on how to replace the password hash. Cobbler walks a line between being a very powerful tool for complex installations but something that's also trivially easy to use out of the box. --Michael

IMHO: enabling by default is not a good idea so I'm with Michael. The snippet approach suits my environment just fine. /marcel This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

Mathieu Sauve-Frankel wrote: I like this. cobbler passwd --template=path or: cobbler passwd --all or cobbler passwd --stock-templates-only Saves the trouble of launching system-config-kickstart just to generate a hash and see what it would look like.

Mike M wrote: Cool. It's just some light regular expression magic. I'll do this. --Michael.

Harry Hoffman wrote: We could perhaps generate one on an install by install basis (using the magic of Cheetah), but we also then need to store that in cobbler in a way that is retrievable by the admin so they can know it if they need to log in. Cobbler's storage is read-only for this, so that is suboptimal. Of course a user can, if they so wish, modify the password in %post. It's hard to pick something that is good for everyone that still works cleanly for fully automated installs without a lot of extra setup and confusion. So right now the docs say "run cobbler check" and that will warn you about the default. Naturally the passwords are readable, but it's a hash, and there is a well known tradeoff between the ability to automate a deployment that is administerable and the security of that deployment. Files deployed are by their very nature public, but if the user wants to scramble passwords in %post, that's fair game. However apg is not in RHEL. If we were to tighten permissions on Cobbler state files and make it impossible to retrieve the password stored in cobbler via XMLRPC, we could do per-system root password generation as an option, though that's a pretty major RFE that we'd probably need to look at for 1.4 Much of this is more of a documentation item as each site will have their own preferences. --Michael

Is this really a big problem? I assume most people using cobbler either have a post-configuration tool (like us), or immediately jump in to configure the server. It doesn't really seem like cobbler should concern itself too heavily with security, people shouldn't be building on public networks with ssh over root enabled by default. I don't plan to change away from the default of 'cobbler' because puppet kicks in within a few minutes to set it to something else. On Thu, Oct 16, 2008 at 11:56 AM, Michael DeHaan <mdehaan(a)redhat.com&gt; wrote: