mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
Softcode {{ iiab_admin_user }} for iiab-admin's published password?
Unclear this is a good idea. As what was an accurate warning is now misleading, as a result of this commit. But I suppose it doesn't hurt, e.g. if other administrative accounts also have this same published password.
This commit is contained in:
parent
09dce33dd8
commit
fd4a8463f6
1 changed files with 3 additions and 3 deletions
|
@ -36,9 +36,9 @@ check_user_pwd() {
|
||||||
[ $(python3 -c "import crypt; print(crypt.crypt('$2', '\$$meth\$$salt'))") == "\$$meth\$$salt\$$hash" ]
|
[ $(python3 -c "import crypt; print(crypt.crypt('$2', '\$$meth\$$salt'))") == "\$$meth\$$salt\$$hash" ]
|
||||||
}
|
}
|
||||||
|
|
||||||
if check_user_pwd "iiab-admin" "g0adm1n"; then
|
if check_user_pwd "{{ iiab_admin_user }}" "g0adm1n"; then # iiab-admin
|
||||||
echo
|
echo
|
||||||
echo $(/usr/bin/gettext "The published password for user 'iiab-admin' is in use.")
|
echo $(/usr/bin/gettext "The published password for user '{{ iiab_admin_user }}' is in use.")
|
||||||
echo $(/usr/bin/gettext "THIS IS A SECURITY RISK - please run 'sudo passwd iiab-admin' to change it.")
|
echo $(/usr/bin/gettext "THIS IS A SECURITY RISK - please run 'sudo passwd {{ iiab_admin_user }}' to change it.")
|
||||||
echo
|
echo
|
||||||
fi
|
fi
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue