I'm trying to increase the security of a remaster distro meant to be run live and used online. To avoid tempting the user into:
- not changing their password
- not creating a new password, or
- using an auto login user
I'm changing the password at the gdm and creating a popup window that gives the passwords to the user to sign in.
At this point in time, this is what is going on:
- passwords sometimes successfully changed.
- some user passwords are changed, others not
- old passwords are never left, so if the passwords are not changed successfully, then there is a lock out, reboot needed
What can I do to the start up script to ensure the passwords are definitely changed?
password python code call, for the user manager:
    os.system("usermod -p `mkpasswd -H md5 " + managerPassword + "` manager")
startup script:
    # create new passwords at login
    task
    # the following "start on" from gdm.conf, has helped, but not solved
    start on (filesystem
              and started dbus
              and (drm-device-added card0 PRIMARY_DEVICE_FOR_DISPLAY=1
                   or stopped udevtrigger)) or initpasswd
    script
        python /initpasswd/initpasswd-sleep.py # a little sleep has helped, not solved
        python /initpasswd/initpasswd.py # password reset script
        echo "" > /initpasswd/initpasswd.py # so it resets only once at gdm per boot
    end script
You could skip most of this, and simply use password aging to set up a passwordless login that requires a change of password at first login. See man chage, and this explanation of password aging. /usr/bin/chage is in the passwd package on my Ubuntu 11.10. This is another good explanation.
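
The password-aging setup suggested in this answer, as an added example that is not part of the original answer: it runs passwd -d and chage -d 0 without a shell, stops on the first failing command, and checks the resulting shadow entries. The function names, the users guest and kiosk, and the sample shadow lines are constructed for illustration.

```python
import subprocess

def aging_commands(user):
    """argv lists (no shell involved) that empty the password and mark it expired."""
    return [
        ["passwd", "-d", user],      # delete the password: shadow field 2 becomes empty
        ["chage", "-d", "0", user],  # last-change day 0: change required at next login
    ]

def apply_aging(users, run=subprocess.run):
    """Run both commands per user; check=True raises as soon as one of them fails."""
    for user in users:
        for argv in aging_commands(user):
            run(argv, check=True)

def shadow_state(line):
    """Classify one /etc/shadow line (name:hash:lastchg:...)."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 3:
        raise ValueError("not a shadow entry: %r" % line)
    return {
        "user": fields[0],
        "passwordless": fields[1] == "",  # empty hash field: no password set
        "must_change": fields[2] == "0",  # lastchg 0: forced change at next login
    }

def not_ready(shadow_text, users):
    """Users that are missing or not in the passwordless, must-change state."""
    ready = set()
    for line in shadow_text.splitlines():
        if line.strip():
            state = shadow_state(line)
            if state["passwordless"] and state["must_change"]:
                ready.add(state["user"])
    return [u for u in users if u not in ready]

# Constructed sample of /etc/shadow content, not taken from a real system.
SAMPLE_SHADOW = """manager::0:0:99999:7:::
guest:$1$CONSTRUCTED$notarealhash:15300:0:99999:7:::
"""

if __name__ == "__main__":
    # On the live image (as root): apply_aging(["manager"]), then verify with
    # not_ready(open("/etc/shadow").read(), ["manager"]).
    print(not_ready(SAMPLE_SHADOW, ["manager", "guest", "kiosk"]))
```

Whether the greeter accepts an empty password depends on the PAM configuration (for example the nullok option of pam_unix), so check that on the image.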