rootpw=<encrypted_password>
sets a temporary root password, change is forced on first login
password is crypted, same as Kickstart option rootpw --iscrypted
WARNING: use for debugging only, this is not secure!
Signed-off-by: Alan Pevec <apevec at redhat.com>
---
scripts/ovirt-early | 22 ++++++++++++++++++++++
1 files changed, 22 insertions(+), 0 deletions(-)
diff --git a/scripts/ovirt-early b/scripts/ovirt-early
index cdd4afd..d31f3ed 100755
--- a/scripts/ovirt-early
+++ b/scripts/ovirt-early
@@ -203,6 +203,12 @@ start() {
# enter emergency shell for fixing configuration issues
rescue
+ # rootpw=<encrypted_password>
+ # sets a temporary root password, change is forced on first login
+ # password is crypted, same as Kickstart option rootpw --iscrypted
+ # WARNING: use for debugging only, this is not secure!
+ rootpw+
# pxelinux format:
ip=<client-ip>:<boot-server-ip>:<gw-ip>:<netmask>
# anaconda format: ip=<client-ip> netmask=<netmask>
gateway=<gw-ip>
# ipv6=dhcp|auto
@@ -321,6 +327,9 @@ start() {
rescue)
rescue=1
;;
+ rootpw=*)
+ rootpw=${i#rootpw=}
+ ;;
ovirt_overcommit*)
i=${i#ovirt_overcommit=}
@@ -404,6 +413,19 @@ start() {
fi
fi
+ if [ -n "$rootpw" ]; then
+ log "Setting temporary root password: $rootpw"
+ unmount_config /etc/passwd /etc/shadow
+ /usr/sbin/usermod -p $rootpw root
+ chage -d 0 root
+ # PAM will force password change at first login
+ # so make sure we persist it after a successful login
+ cat >> /root/.bash_profile << EOF
+# added by ovirt-early
+persist /etc/passwd /etc/shadow
+EOF
+ fi
+
if [ "$rescue" = 1 ]; then
log "Rescue mode requested, starting emergency shell"
stop_log
--
1.6.0.6