<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:宋体;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:等线;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:微软雅黑;
panose-1:2 11 5 3 2 2 4 2 2 4;}
@font-face
{font-family:"\@等线";
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"\@宋体";
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"\@微软雅黑";
panose-1:2 11 5 3 2 2 4 2 2 4;}
@font-face
{font-family:"Century Gothic";
panose-1:2 11 5 2 2 2 2 2 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML 预设格式 Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLChar
{mso-style-name:"HTML 预设格式 Char";
mso-style-priority:99;
mso-style-link:"HTML 预设格式";
font-family:"Courier New";}
p.HTMLPreformatted, li.HTMLPreformatted, div.HTMLPreformatted
{mso-style-name:"HTML Preformatted";
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ZH-CN link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:#1F497D'>Thank you for your explanation about cracklib!<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:#1F497D'>What should I do to "comment out" correctly?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:#1F497D'>(I just started to learn ‘pam’ recently, I may not have enough in-depth understanding)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:#1F497D'>I once tried to add a ‘#’ to the line containing ‘pam_cracklib.so’ in /etc/common-password.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:#1F497D'>But when other modules execute pam_get_authtok(), an error will occur...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:#1F497D'>But I can't go into it...can't find its source code...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span style='font-family:"微软雅黑",sans-serif'>发件人<span lang=EN-US>:</span></span></b><span lang=EN-US style='font-family:"微软雅黑",sans-serif'> Zhao, Jiaqing [mailto:jiaqing.zhao@intel.com] <br></span><b><span style='font-family:"微软雅黑",sans-serif'>发送时间<span lang=EN-US>:</span></span></b><span lang=EN-US style='font-family:"微软雅黑",sans-serif'> 2022</span><span style='font-family:"微软雅黑",sans-serif'>年<span lang=EN-US>1</span>月<span lang=EN-US>7</span>日<span lang=EN-US> 1:10<br></span><b>收件人<span lang=EN-US>:</span></b><span lang=EN-US> Mantey, JohnathanX <johnathanx.mantey@intel.com>; Xiaochao Ma (</span>马小超<span lang=EN-US>) <maxiaochao@inspur.com>; mine260309@gmail.com<br></span><b>抄送<span lang=EN-US>:</span></b><span lang=EN-US> openbmc@lists.ozlabs.org<br></span><b>主题<span lang=EN-US>:</span></b><span lang=EN-US> RE: </span>答复<span lang=EN-US>: Update (or generate) /etc/ipmi_pass file<o:p></o:p></span></span></p></div></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Even you set minlen=0 in /etc/pam.d/common-password, the password length will still be checked by pam-cracklib. Pam-cracklib will call FascistCheck() function of cracklib, and inside cracklib, it will call FascistLookUser(), which also checkes the password length and there is no way to bypass it unless you modify cracklib code. The minimum length forced by cracklib is 6.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><a href="https://github.com/cracklib/cracklib/blob/c66d74fc38e1632726da8230714bf62f6128e212/src/lib/fascist.c#L721">https://github.com/cracklib/cracklib/blob/c66d74fc38e1632726da8230714bf62f6128e212/src/lib/fascist.c#L721</a><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>FascistLookUser() also contain other implicit conditions your password must met. Please also be careful about them.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Of course, you can comment out the pam_cracklib.so to bypass all these checks.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US>From:</span></b><span lang=EN-US> openbmc <<a href="mailto:openbmc-bounces+jiaqing.zhao=intel.com@lists.ozlabs.org">openbmc-bounces+jiaqing.zhao=intel.com@lists.ozlabs.org</a>> <b>On Behalf Of </b>Johnathan Mantey<br><b>Sent:</b> Friday, January 7, 2022 00:55<br><b>To:</b> Xiaochao Ma (</span><span style='font-family:"微软雅黑",sans-serif'>马小超</span><span lang=EN-US>) <<a href="mailto:maxiaochao@inspur.com">maxiaochao@inspur.com</a>>; <a href="mailto:mine260309@gmail.com">mine260309@gmail.com</a><br><b>Cc:</b> <a href="mailto:openbmc@lists.ozlabs.org">openbmc@lists.ozlabs.org</a><br><b>Subject:</b> Re: </span><span style='font-family:"微软雅黑",sans-serif'>答复</span><span lang=EN-US>: Update (or generate) /etc/ipmi_pass file<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US>The OBMC PAM requires the password to be 8 characters in length, and probably requires a numeral as well.<br>I realize you want to get to a 5 character password.<br>I recommend you try adding a user with a password that works with the existing rules to see if your automated creation method works. After that you can try creating shorter passwords.<o:p></o:p></span></p><div><p class=MsoNormal><span lang=EN-US>On 1/5/22 23:02, Xiaochao Ma (</span><span style='font-family:"微软雅黑",sans-serif'>马小超</span><span lang=EN-US>) wrote:<o:p></o:p></span></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre><span lang=EN-US>Sorry I didn't explain some of the methods I tried : (<o:p></o:p></span></pre><pre><span lang=EN-US><o:p> </o:p></span></pre><pre><span lang=EN-US>1. I tried the method you mentioned, but failed.<o:p></o:p></span></pre><pre><span lang=EN-US>The length of the password I want to set is 5 digits.<o:p></o:p></span></pre><pre><span lang=EN-US>I modified the complexity setting via /etc/pam.d/common-password, but still cannot set a 5-digit password. (The setting for reducing the length requirement failed to take effect)<o:p></o:p></span></pre><pre><span lang=EN-US><o:p> </o:p></span></pre><pre><span lang=EN-US>2. I also tried to temporarily remove pam_cracklib.so in /etc/pam.d/common-pasword so that it does not perform complexity detection. Failed very directly......<o:p></o:p></span></pre><pre><span lang=EN-US><o:p> </o:p></span></pre><pre><span lang=EN-US>-----</span><span style='font-family:等线'>邮件原件</span><span lang=EN-US>-----<o:p></o:p></span></pre><pre><span style='font-family:等线'>发件人</span><span lang=EN-US>: Lei YU [<a href="mailto:mine260309@gmail.com">mailto:mine260309@gmail.com</a>] <o:p></o:p></span></pre><pre><span style='font-family:等线'>发送时间</span><span lang=EN-US>: 2022</span><span style='font-family:等线'>年</span><span lang=EN-US>1</span><span style='font-family:等线'>月</span><span lang=EN-US>6</span><span style='font-family:等线'>日</span><span lang=EN-US> 14:41<o:p></o:p></span></pre><pre><span style='font-family:等线'>收件人</span><span lang=EN-US>: Xiaochao Ma (</span><span style='font-family:等线'>马小超</span><span lang=EN-US>) <a href="mailto:maxiaochao@inspur.com"><maxiaochao@inspur.com></a><o:p></o:p></span></pre><pre><span style='font-family:等线'>抄送</span><span lang=EN-US>: <a href="mailto:openbmc@lists.ozlabs.org">openbmc@lists.ozlabs.org</a><o:p></o:p></span></pre><pre><span style='font-family:等线'>主题</span><span lang=EN-US>: Re: Update (or generate) /etc/ipmi_pass file<o:p></o:p></span></pre><pre><span lang=EN-US><o:p> </o:p></span></pre><pre><span lang=EN-US>On Thu, Jan 6, 2022 at 11:39 AM Xiaochao Ma (</span><span style='font-family:等线'>马小超</span><span lang=EN-US>) <a href="mailto:maxiaochao@inspur.com"><maxiaochao@inspur.com></a> wrote:<o:p></o:p></span></pre><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre><span lang=EN-US><o:p> </o:p></span></pre><pre><span lang=EN-US>Hello everyone<o:p></o:p></span></pre><pre><span lang=EN-US><o:p> </o:p></span></pre><pre><span lang=EN-US><o:p> </o:p></span></pre><pre><span lang=EN-US><o:p> </o:p></span></pre><pre><span lang=EN-US>I now want to add a default user to my own machine (I modified <o:p></o:p></span></pre><pre><span lang=EN-US>obmc-phosphor-image.bbappend, use the useradd… ),<o:p></o:p></span></pre><pre><span lang=EN-US><o:p> </o:p></span></pre><pre><span lang=EN-US>but the new default user cannot use Ipmi. It is because the ipmi_pass file is not updated.<o:p></o:p></span></pre><pre><span lang=EN-US><o:p> </o:p></span></pre><pre><span lang=EN-US> I couldn't find a method/tool to generate ipmi_pass file. So how can I generate a new ipmi_pass file?<o:p></o:p></span></pre><pre><span lang=EN-US><o:p> </o:p></span></pre></blockquote><pre><span lang=EN-US><o:p> </o:p></span></pre><pre><span lang=EN-US>What I do is to use qemu or a real BMC, adjust the ipmi username/passwords, and then copy the ipmi_pass out.<o:p></o:p></span></pre></blockquote><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US>-- <br></span><span lang=EN-US style='font-family:"Century Gothic",sans-serif;color:#1F497D'>Johnathan Mantey<br></span><span lang=EN-US style='font-size:7.5pt;font-family:"Century Gothic",sans-serif;color:#1F497D'>Senior Software Engineer</span><span lang=EN-US style='font-family:"Century Gothic",sans-serif;color:#1F497D'><br></span><b><span lang=EN-US style='font-size:10.0pt;font-family:"Century Gothic",sans-serif;color:#555555'>azad technology partners</span></b><span lang=EN-US style='font-size:12.0pt;font-family:"Century Gothic",sans-serif;color:#555555'><br></span><span lang=EN-US style='font-size:7.5pt;font-family:"Century Gothic",sans-serif;color:#1F497D'>Contributing to Technology Innovation since 1992</span><span lang=EN-US style='font-size:7.5pt;font-family:"Century Gothic",sans-serif;color:#555555'><br></span><span lang=EN-US style='font-size:7.5pt;font-family:"Century Gothic",sans-serif;color:#1F497D'>Phone: (503) 712-6764<br>Email: <a href="mailto:johnathanx.mantey@intel.com">johnathanx.mantey@intel.com</a></span><span lang=EN-US><o:p></o:p></span></p></div></div></body></html>