Design proposal to Non-Interactive password update for REST client
Kenneth Wilke
kenneth.wilke at RACKSPACE.COM
Sat Aug 12 04:10:17 AEST 2017
Makes sense, sounds like a good route to me
________________________________
From: vishwa <vishwa at linux.vnet.ibm.com>
Sent: Friday, August 11, 2017 12:11:01 PM
To: Kenneth Wilke; OpenBMC Maillist
Subject: Re: Design proposal to Non-Interactive password update for REST client
Sorry, I should have mentioned that I had looked at that option.
For `chpasswd`, I need to fork a process but with `putspent` I can do in same process.
On 08/11/2017 10:20 PM, Kenneth Wilke wrote:
Could chpasswd be used for that?
________________________________
From: openbmc <openbmc-bounces+kenneth.wilke=rackspace.com at lists.ozlabs.org><mailto:openbmc-bounces+kenneth.wilke=rackspace.com at lists.ozlabs.org> on behalf of vishwa <vishwa at linux.vnet.ibm.com><mailto:vishwa at linux.vnet.ibm.com>
Sent: Friday, August 11, 2017 11:18:48 AM
To: OpenBMC Maillist
Subject: Design proposal to Non-Interactive password update for REST client
This email is about openbmc/openbmc#1714 ( REST API to update root
password )
Goal is to do Non-interactive password updates to enable a REST client
to update the root password.
My proposal is to use `getspent(3)` and `putspent(3)` and here is the flow.
REST client will provide a method that takes std::string as parameter.
The Provider at the BMC will receive the password and does these:
- Executes `getspent(3)` for "root" and gets the entries.
- Parses the `sp_pwdp` and extracts `encryption method` , `salt`.
- Makes a call to `crypt(3)` with the extracted `salt` and `user
input` and generates encrypted pass-code
- Populates the structure and calls `putspent(3)` to update the password
Please let me know your opinion on this.
Thank you,
!! Vishwa !!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20170811/6baaca27/attachment-0001.html>
More information about the openbmc
mailing list