diff --git a/roles/iiab-admin/defaults/main.yml b/roles/iiab-admin/defaults/main.yml index b1782eeec..be997eddb 100644 --- a/roles/iiab-admin/defaults/main.yml +++ b/roles/iiab-admin/defaults/main.yml @@ -1,6 +1,21 @@ # Must keep roles/0-init/defaults/main.yml sync'd ? (Seems no longer true as of 2018-10-15) -iiab_admin_install: True +# Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel +# group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo- +# checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n). +iiab_admin_user_install: True +# If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing +# Linux user that has sudo access, for login to Admin Console http://box/admin -# Oddly this is used by roles/usb-lib/tasks/main.yml to set group perm for /library/www/html/local_content +# ODDLY THIS IS ALSO USED BY roles/usb-lib/tasks/main.yml to set group perm for /library/www/html/local_content iiab_admin_user: iiab-admin + +# For live checks/alerts on published pwds +iiab_admin_published_pwd: g0adm1n + +# Password hash to override above, if Ansible creates above user: +iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. +# Obtain a password hash - NEW MORE SECURE WAY: +# python3 -c 'import crypt; print(crypt.crypt("", crypt.mksalt(crypt.METHOD_SHA512)))' +# Obtain a password hash - OLD WAY: +# python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")'