I have an autoyast script that I want to ask for the root password on. It is currently asking for the passwords, however when the install finished it won’t work. I can boot the box using init=/bin/bash and see the password is stored for that user just as I entered it instead of being hashed. I’m assuming that might be the issue, but I’m hoping someone out there can provide some guidance.
Any insight would be great on how I can accomplish this as I have an immediate need to provision a bunch of boxes and want to automate as much as I can.
Can you post your autoyast file, or part of it, so see if it compares to
others we have? I have the following section for ‘root’ in my
autoyast.xml file from a SLES 11 SP2 x86_64 box, though I am not having it
prompt me; how does that change compared to your file where it does prompt?
I tried leaving no password for root in the user section of the autoinst file and also tried with a different, generic password for root in the user section. They both wind up setting the password unhashed in the /etc/shadow and all authentication attempts fail.
Here are the two sections:
<ask>
<title>PASSWORD FOR USER root</title>
<pathlist config:type="list">
<path>users,11,user_password</path>
</pathlist>
<question>Enter root password</question>
<stage>initial</stage>
<help>Enter the password for the superuser "root".</help>
<password config:type="boolean">true</password>
</ask>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>root</fullname>
<gid>0</gid>
<home>/root</home>
<password_settings>
<expire>
</expire>
<flag>
</flag>
<inact>
</inact>
<max>
</max>
<min>
</min>
<warn>
</warn>
</password_settings>
<shell>/bin/bash</shell>
<uid>0</uid>
<user_password>$2y$05$WN9jE4A3PGkhRwNZmpcTWeu0OsIlXhogfE5oYY0hr5u3R/pL5fxD.</user_password>
<username>root</username>
</user>
have you tried to set “encrypted” to “false”? AFAIK, that flag describes the state of the password entered in the autoyast file, not the target state in the password store.
Still no joy. When I attempt to login it says Permissiosn on the password database may be too restrictive and when looking at /etc/shadow the password is still not hashed.
was that you tried “without the tag as well”? Anyhow, I’ve asked someone who’s currently working with autoyast files to test this. It may take until next week that he will find time to actually perform these tests, I’ll let you know once I receive his results.
I received a first feedback - actually he had a setup running today, although for openSUSE, not for SLES. Anyhow, with the openSUSE version, putting a clear-text password into the autoyast file and omitting the “” tag, the resulting /etc/shadow contained a properly encrypted version of the password.
I’m not sure when/if he’ll run the next autoyasted SLES11 install, but for us, the versions haven’t behaved much differently so far. And the feedback I received was “should work similarly with SLES11”.