--- Begin Message ---
I have set up the new functionality according to the instructions from
[1] and [2], and tested various hashed and non-hashed passwords. The
only potential improvement would be to check if the provided hash is
valid because passing an invalid hash makes it rather impossible to
log in after the installation. While it's not possible to fully verify
the validity of a hash, you could verify if it has the correct length
and only consists of hexadecimal characters (0-9, A-F).

Other than that it works great.

[1] https://wiki.intra.proxmox.com/index.php/Testing_Installer_Changes
[2] https://pve.proxmox.com/wiki/Automated_Installation
On 7/15/24 09:56, Christoph Heiss wrote:
This series adds a new answer option `global.root_password_hashed`
for the auto-installer, enabling administrators to specify the root
password of the new installation in a hashed format - as generated by
e.g. mkpasswd(1) - instead of plain-text.
Administrators/users might want to avoid passing along a plain-text
password with the different answer-fetching methods supported by the
auto-installer, for obvious reasons.
While this of course does not provide full security, sending a hashed
password might still be preferred by administrators over plain text.
Tested by installing using the GUI and TUI (to ensure no regressions
can happen) and using the auto-installer, once with `root_password` set
(again testing for potential regressions) and once with
`global.root_password_hashed` set instead, testing the new
functionality.
First two patches are small cleanups and may be applied independently.
v1: https://lists.proxmox.com/pipermail/pve-devel/2024-May/063949.html
Notable changes v1 -> v2:
* rebased on latest master
* fixed rebase mistake
* merged previous patch #4/#5 for consistency across crates
* improved validation in auto-installer
Christoph Heiss (6):
  common: move `PasswordOptions` type to tui crate
  tui-installer: remove `Debug` implementation for password options
  low-level: change root password option to contain either plaintext or
    hash
  {auto,tui}-installer: adapt to new `root_password` plain/hashed setup
    option
  auto-installer: add new `global.root_password_hashed` answer option
  auto-installer: add test for hashed root password option

Proxmox/Install.pm | 25 ++++++++++++++++---
Proxmox/Install/Config.pm | 20 ++++++++++++---
proxinstall | 4 +--
proxmox-auto-installer/src/answer.rs | 3 ++-
proxmox-auto-installer/src/utils.rs | 21 ++++++++++++++--
.../resources/parse_answer/disk_match.json | 2 +-
.../parse_answer/disk_match_all.json | 2 +-
.../parse_answer/disk_match_any.json | 2 +-
.../parse_answer/hashed_root_password.json | 20 +++++++++++++++
.../parse_answer/hashed_root_password.toml | 14 +++++++++++
.../tests/resources/parse_answer/minimal.json | 2 +-
.../resources/parse_answer/nic_matching.json | 2 +-
.../resources/parse_answer/specific_nic.json | 2 +-
.../tests/resources/parse_answer/zfs.json | 2 +-
proxmox-installer-common/src/options.rs | 15 -----------
proxmox-installer-common/src/setup.rs | 12 +++++++--
proxmox-tui-installer/src/main.rs | 4 +--
proxmox-tui-installer/src/options.rs | 20 ++++++++++++---
proxmox-tui-installer/src/setup.rs | 10 ++++++--
19 files changed, 140 insertions(+), 42 deletions(-)
create mode 100644
proxmox-auto-installer/tests/resources/parse_answer/hashed_root_password.json
create mode 100644
proxmox-auto-installer/tests/resources/parse_answer/hashed_root_password.toml
--- End Message ---
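
A well-formedness check of the kind suggested in the reply above, as an added example that is not part of the patch series or the Proxmox code base. It assumes the value is a crypt(3)-style string as generated by mkpasswd(1) and accepts only the sha256crypt and sha512crypt schemes; the function name `check_crypt_hash` is hypothetical, and which schemes the installer accepts is not stated in this thread.

```rust
// Added example: structural check for crypt(3)-style hashes.
// Assumption: only "$5$" (sha256crypt) and "$6$" (sha512crypt) are accepted.

/// True if `s` is non-empty and uses only the crypt(3) base64 alphabet.
fn is_crypt_b64(s: &str) -> bool {
    !s.is_empty() && s.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'.' || b == b'/')
}

/// Checks that `hash` has the shape `$id$[rounds=N$]salt$digest`.
/// This only proves the string is well-formed, not that it matches any password.
pub fn check_crypt_hash(hash: &str) -> Result<(), String> {
    let mut fields: Vec<&str> = hash.split('$').collect();
    // A leading '$' produces an empty first field.
    if fields.len() < 4 || !fields[0].is_empty() {
        return Err("not in $id$salt$digest form".into());
    }
    let digest_len = match fields[1] {
        "5" => 43, // sha256crypt digest length
        "6" => 86, // sha512crypt digest length
        other => return Err(format!("unsupported scheme id '{}'", other)),
    };
    // Optional "rounds=N" parameter field between id and salt.
    if let Some(n) = fields[2].strip_prefix("rounds=") {
        if n.is_empty() || !n.bytes().all(|b| b.is_ascii_digit()) {
            return Err("rounds must be a decimal number".into());
        }
        fields.remove(2);
    }
    if fields.len() != 4 {
        return Err("unexpected number of '$'-separated fields".into());
    }
    let (salt, digest) = (fields[2], fields[3]);
    // Strict policy chosen for this example: salt of 1-16 alphabet characters.
    if salt.len() > 16 || !is_crypt_b64(salt) {
        return Err("salt must be 1-16 characters of [./0-9A-Za-z]".into());
    }
    if digest.len() != digest_len || !is_crypt_b64(digest) {
        return Err(format!("digest must be {} characters of [./0-9A-Za-z]", digest_len));
    }
    Ok(())
}

fn main() {
    // Constructed sample values, not real password hashes.
    let well_formed = format!("$6$examplesalt${}", "A".repeat(86));
    let truncated = format!("$6$examplesalt${}", "A".repeat(40));
    println!("{:?}", check_crypt_hash(&well_formed));
    println!("{:?}", check_crypt_hash(&truncated));
}
```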