external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Softcode {{ iiab_admin_user }} for iiab-admin's published password?

Browse source 
Unclear this is a good idea.

As what was an accurate warning is now misleading, as a result of this commit.

But I suppose it doesn't hurt, e.g. if other administrative accounts also have this same published password.
This commit is contained in:
A Holt 2020-10-10 13:13:45 -04:00 committed by GitHub
parent 09dce33dd8
commit fd4a8463f6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
roles/iiab-admin/templates/sshpwd-profile-iiab.sh
View file

@ -36,9 +36,9 @@ check_user_pwd() {
[ $(python3 -c "import crypt; print(crypt.crypt('$2', '\$$meth\$$salt'))") == "\$$meth\$$salt\$$hash" ] [ $(python3 -c "import crypt; print(crypt.crypt('$2', '\$$meth\$$salt'))") == "\$$meth\$$salt\$$hash" ]
} }
if check_user_pwd "iiab-admin" "g0adm1n"; then if check_user_pwd "{{ iiab_admin_user }}" "g0adm1n"; then # iiab-admin
echo echo
echo $(/usr/bin/gettext "The published password for user 'iiab-admin' is in use.") echo $(/usr/bin/gettext "The published password for user '{{ iiab_admin_user }}' is in use.")
echo $(/usr/bin/gettext "THIS IS A SECURITY RISK - please run 'sudo passwd iiab-admin' to change it.") echo $(/usr/bin/gettext "THIS IS A SECURITY RISK - please run 'sudo passwd {{ iiab_admin_user }}' to change it.")
echo echo
fi fi