Expired Password Service

Andrew Geissler geissonator at gmail.com
Sat Sep 28 05:57:16 AEST 2019


As a part of the expired password design[1], I created a new service under
phosphor-user-manager that can be optionally included in your builds. This
service will expire the root password and then disable itself. The idea being
it runs on a factory reset or in a situation where a flash chip has been
completely rewritten. It does not run when just doing a firmware update.

https://gerrit.openbmc-project.xyz/c/openbmc/meta-phosphor/+/25615

We're still working through the IMAGE feature aspect but any feedback would
be appreciated.

Ratan/Richard are you ok with this as a feature in phosphor-user-manager?

Does anyone know of a better way than what I did to ensure we don't run this
service in a code update scenario? Keying off of a dropbear file seems a bit
hacky but ensuring we don't run this service when a user is just updating
from an image that didn't have this feature to one that does seems critical.

Andrew

[1]: https://github.com/openbmc/docs/blob/master/designs/expired-password.md
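
Added example, not part of the original message and not the phosphor-user-manager code: a shell sketch of the gating described above, where the root password is expired only when no dropbear file is present and the action never repeats. The host key path, the stamp file (standing in for the service disabling itself) and the function names are assumptions.

```shell
#!/bin/sh
# Assumption: the dropbear host key survives a firmware update but is absent
# after a factory reset or a full flash rewrite. The path is assumed, not
# taken from the message.
HOST_KEY_REL="etc/dropbear/dropbear_rsa_host_key"
# Hypothetical stamp file; stands in for "the service disables itself".
STAMP_REL="var/lib/expire-root-password.done"

# needs_expiry ROOT: succeed only on a pristine image that was not yet handled.
needs_expiry() {
    root="$1"
    [ ! -e "$root/$HOST_KEY_REL" ] && [ ! -e "$root/$STAMP_REL" ]
}

# expire_once ROOT CMD...: run CMD when needed, then record that it ran.
# The stamp is written only if CMD succeeded, so a failed expiry is retried
# on the next boot instead of leaving the default password usable.
expire_once() {
    root="$1"; shift
    if needs_expiry "$root"; then
        "$@" || return 1
        mkdir -p "$(dirname "$root/$STAMP_REL")"
        : > "$root/$STAMP_REL"
        echo expired
    else
        echo skipped
    fi
}

# Demo on a constructed, empty tree that simulates a freshly written flash.
# 'true' stands in for the real action, e.g. passwd --expire root with ROOT=/.
demo_root="$(mktemp -d)"
expire_once "$demo_root" true
expire_once "$demo_root" true
rm -rf "$demo_root"
```

An image updated from a release without this feature already holds the host key, so the function reports skipped and writes no stamp.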

