<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Microsoft YaHei";
panose-1:2 11 5 3 2 2 4 2 2 4;}
@font-face
{font-family:"\@Microsoft YaHei";}
@font-face
{font-family:"Century Gothic";
panose-1:2 11 5 2 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Even you set minlen=0 in /etc/pam.d/common-password, the password length will still be checked by pam-cracklib. Pam-cracklib will call FascistCheck() function of cracklib, and inside cracklib, it will call FascistLookUser(), which also
checkes the password length and there is no way to bypass it unless you modify cracklib code. The minimum length forced by cracklib is 6.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><a href="https://github.com/cracklib/cracklib/blob/c66d74fc38e1632726da8230714bf62f6128e212/src/lib/fascist.c#L721">https://github.com/cracklib/cracklib/blob/c66d74fc38e1632726da8230714bf62f6128e212/src/lib/fascist.c#L721</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">FascistLookUser() also contain other implicit conditions your password must met. Please also be careful about them.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Of course, you can comment out the pam_cracklib.so to bypass all these checks.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> openbmc <openbmc-bounces+jiaqing.zhao=intel.com@lists.ozlabs.org>
<b>On Behalf Of </b>Johnathan Mantey<br>
<b>Sent:</b> Friday, January 7, 2022 00:55<br>
<b>To:</b> Xiaochao Ma (<span lang="ZH-CN" style="font-family:"Microsoft YaHei",sans-serif">马小超</span>) <maxiaochao@inspur.com>; mine260309@gmail.com<br>
<b>Cc:</b> openbmc@lists.ozlabs.org<br>
<b>Subject:</b> Re: <span lang="ZH-CN" style="font-family:"Microsoft YaHei",sans-serif">
答复</span>: Update (or generate) /etc/ipmi_pass file<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">The OBMC PAM requires the password to be 8 characters in length, and probably requires a numeral as well.<br>
I realize you want to get to a 5 character password.<br>
I recommend you try adding a user with a password that works with the existing rules to see if your automated creation method works. After that you can try creating shorter passwords.<o:p></o:p></p>
<div>
<p class="MsoNormal">On 1/5/22 23:02, Xiaochao Ma (<span lang="ZH-CN" style="font-family:"Microsoft YaHei",sans-serif">马小超</span>) wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre>Sorry I didn't explain some of the methods I tried : (<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>1. I tried the method you mentioned, but failed.<o:p></o:p></pre>
<pre>The length of the password I want to set is 5 digits.<o:p></o:p></pre>
<pre>I modified the complexity setting via /etc/pam.d/common-password, but still cannot set a 5-digit password. (The setting for reducing the length requirement failed to take effect)<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>2. I also tried to temporarily remove pam_cracklib.so in /etc/pam.d/common-pasword so that it does not perform complexity detection. Failed very directly......<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>-----<span lang="ZH-CN" style="font-family:DengXian">邮件原件</span>-----<o:p></o:p></pre>
<pre><span lang="ZH-CN" style="font-family:DengXian">发件人</span>: Lei YU [<a href="mailto:mine260309@gmail.com">mailto:mine260309@gmail.com</a>] <o:p></o:p></pre>
<pre><span lang="ZH-CN" style="font-family:DengXian">发送时间</span>: 2022<span lang="ZH-CN" style="font-family:DengXian">年</span>1<span lang="ZH-CN" style="font-family:DengXian">月</span>6<span lang="ZH-CN" style="font-family:DengXian">日</span> 14:41<o:p></o:p></pre>
<pre><span lang="ZH-CN" style="font-family:DengXian">收件人</span>: Xiaochao Ma (<span lang="ZH-CN" style="font-family:DengXian">马小超</span>) <a href="mailto:maxiaochao@inspur.com"><maxiaochao@inspur.com></a><o:p></o:p></pre>
<pre><span lang="ZH-CN" style="font-family:DengXian">抄送</span>: <a href="mailto:openbmc@lists.ozlabs.org">openbmc@lists.ozlabs.org</a><o:p></o:p></pre>
<pre><span lang="ZH-CN" style="font-family:DengXian">主题</span>: Re: Update (or generate) /etc/ipmi_pass file<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>On Thu, Jan 6, 2022 at 11:39 AM Xiaochao Ma (<span lang="ZH-CN" style="font-family:DengXian">马小超</span>) <a href="mailto:maxiaochao@inspur.com"><maxiaochao@inspur.com></a> wrote:<o:p></o:p></pre>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre><o:p> </o:p></pre>
<pre>Hello everyone<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre>I now want to add a default user to my own machine (I modified <o:p></o:p></pre>
<pre>obmc-phosphor-image.bbappend, use the useradd… ),<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>but the new default user cannot use Ipmi. It is because the ipmi_pass file is not updated.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre> I couldn't find a method/tool to generate ipmi_pass file. So how can I generate a new ipmi_pass file?<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
</blockquote>
<pre><o:p> </o:p></pre>
<pre>What I do is to use qemu or a real BMC, adjust the ipmi username/passwords, and then copy the ipmi_pass out.<o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">-- <br>
<span style="font-family:"Century Gothic",sans-serif;color:#1F497D">Johnathan Mantey<br>
</span><span style="font-size:7.5pt;font-family:"Century Gothic",sans-serif;color:#1F497D">Senior Software Engineer</span><span style="font-family:"Century Gothic",sans-serif;color:#1F497D"><br>
</span><b><span style="font-size:10.0pt;font-family:"Century Gothic",sans-serif;color:#555555">azad technology partners</span></b><span style="font-size:12.0pt;font-family:"Century Gothic",sans-serif;color:#555555"><br>
</span><span style="font-size:7.5pt;font-family:"Century Gothic",sans-serif;color:#1F497D">Contributing to Technology Innovation since 1992</span><span style="font-size:7.5pt;font-family:"Century Gothic",sans-serif;color:#555555"><br>
</span><span style="font-size:7.5pt;font-family:"Century Gothic",sans-serif;color:#1F497D">Phone: (503) 712-6764<br>
Email: <a href="mailto:johnathanx.mantey@intel.com">johnathanx.mantey@intel.com</a></span><o:p></o:p></p>
</div>
</div>
</body>
</html>