RE: Reply: Update (or generate) /etc/ipmi_pass file

Zhao, Jiaqing jiaqing.zhao at intel.com
Fri Jan 7 04:09:45 AEDT 2022


Even if you set minlen=0 in /etc/pam.d/common-password, the password length will still be checked by pam-cracklib. Pam-cracklib will call the FascistCheck() function of cracklib, and inside cracklib, it will call FascistLookUser(), which also checks the password length, and there is no way to bypass it unless you modify the cracklib code. The minimum length forced by cracklib is 6.

https://github.com/cracklib/cracklib/blob/c66d74fc38e1632726da8230714bf62f6128e212/src/lib/fascist.c#L721

FascistLookUser() also contains other implicit conditions your password must meet. Please also be careful about them.

Of course, you can comment out the pam_cracklib.so to bypass all these checks.

From: openbmc <openbmc-bounces+jiaqing.zhao=intel.com at lists.ozlabs.org> On Behalf Of Johnathan Mantey
Sent: Friday, January 7, 2022 00:55
To: Xiaochao Ma (马小超) <maxiaochao at inspur.com>; mine260309 at gmail.com
Cc: openbmc at lists.ozlabs.org
Subject: Re: Reply: Update (or generate) /etc/ipmi_pass file

The OBMC PAM requires the password to be 8 characters in length, and probably requires a numeral as well.
I realize you want to get to a 5 character password.
I recommend you try adding a user with a password that works with the existing rules to see if your automated creation method works. After that you can try creating shorter passwords.
On 1/5/22 23:02, Xiaochao Ma (马小超) wrote:

Sorry I didn't explain some of the methods I tried :(

1. I tried the method you mentioned, but failed.
The length of the password I want to set is 5 digits.
I modified the complexity setting via /etc/pam.d/common-password, but still cannot set a 5-digit password. (The setting for reducing the length requirement failed to take effect)

2. I also tried to temporarily remove pam_cracklib.so in /etc/pam.d/common-password so that it does not perform complexity detection. Failed very directly......

-----Original Message-----
From: Lei YU [mailto:mine260309 at gmail.com]
Sent: January 6, 2022 14:41
To: Xiaochao Ma (马小超) <maxiaochao at inspur.com>
Cc: openbmc at lists.ozlabs.org
Subject: Re: Update (or generate) /etc/ipmi_pass file

On Thu, Jan 6, 2022 at 11:39 AM Xiaochao Ma (马小超) <maxiaochao at inspur.com> wrote:

Hello everyone

I now want to add a default user to my own machine (I modified obmc-phosphor-image.bbappend, use the useradd… ),
but the new default user cannot use IPMI. It is because the ipmi_pass file is not updated.

I couldn't find a method/tool to generate ipmi_pass file. So how can I generate a new ipmi_pass file?

What I do is to use qemu or a real BMC, adjust the ipmi username/passwords, and then copy the ipmi_pass out.

--
Johnathan Mantey
Senior Software Engineer
azad technology partners
Contributing to Technology Innovation since 1992
Phone: (503) 712-6764
Email: johnathanx.mantey at intel.com
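
An added example (not part of the original messages, and not OpenBMC or cracklib code): a small audit of a common-password file that flags the two situations discussed in this thread, a minlen below the floor of 6 that cracklib is described as enforcing, and a commented-out pam_cracklib.so line. The sample file contents, function names and finding codes are constructed for illustration.

```python
import re

CRACKLIB_FLOOR = 6  # minimum length the thread says cracklib itself enforces

# Constructed sample file contents, not copied from an OpenBMC image.
SAMPLE = """\
# /etc/pam.d/common-password (constructed sample)
password required pam_cracklib.so retry=3 minlen=0
#password required pam_cracklib.so minlen=8
password required pam_unix.so sha512 use_authtok
"""

# type, control (single word or [bracketed list]), module path, arguments
RULE = re.compile(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam_line(line):
    """Return (active, module, options) for a 'password' rule, else None."""
    stripped = line.strip()
    active = not stripped.startswith("#")
    m = RULE.match(stripped.lstrip("#").strip())
    if not m or m.group(1).lstrip("-") != "password":
        return None
    # "minlen=0" -> {"minlen": "0"}; bare flags map to ""
    opts = dict(arg.partition("=")[::2] for arg in m.group(4).split())
    return active, m.group(3).rsplit("/", 1)[-1], opts

def audit_password_stack(text):
    """Return [(line_no, code)] findings for pam_cracklib.so rules."""
    findings, has_active = [], False
    for n, line in enumerate(text.splitlines(), 1):
        rule = parse_pam_line(line)
        if rule is None or rule[1] != "pam_cracklib.so":
            continue
        active, _, opts = rule
        if not active:
            findings.append((n, "CRACKLIB_COMMENTED_OUT"))
            continue
        has_active = True
        minlen = opts.get("minlen", "")
        if minlen.isdigit() and int(minlen) < CRACKLIB_FLOOR:
            # Per the thread, this value is ineffective, not a shorter limit.
            findings.append((n, "MINLEN_BELOW_CRACKLIB_FLOOR"))
    if not has_active:
        findings.append((0, "NO_ACTIVE_CRACKLIB"))  # no quality check runs
    return findings

if __name__ == "__main__":
    for line_no, code in audit_password_stack(SAMPLE):
        print(f"line {line_no}: {code}")
```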