From: Livius
To: openembedded-core@lists.openembedded.org
Date: Tue, 24 May 2022 04:17:24 -0700
Subject: Forced password change in first login
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/166056

Hi!

In extrausers.bbclass ( https://github.com/openembedded/openembedded-core/blob/honister/meta/classes/extrausers.bbclass ) there is a quite new passwd-expire ( https://www.mail-archive.com/yocto@lists.yoctoproject.org/msg05373.html ) to force a password change on first login. I am using the honister release now; my experience is that my root user always has an expired password by default and I need to change it on every first login of my flashed image, even though I pre-configured my root password with usermod -p <hash_pass> and I am not using the new passwd-expire command.

Can I disable that new method somehow, to avoid changing the password on first login?



From: Livius
To: openembedded-core@lists.openembedded.org
Date: Fri, 03 Jun 2022 14:45:12 -0700
Subject: Re: Forced password change in first login
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/166530

Finally, I found the problem and I could solve it. SHA-256 is too weak to make a password hash, this is why on first login we need to change password always.

Please fix it in Yocto manual ( https://docs.yoctoproject.org/singleindex.html#term-EXTRA_USERS_PARAMS ). When I set it to generate sha512crypt hash it works fine, there is no change request on first login.



From: Quentin Schulz
To: Livius, openembedded-core@lists.openembedded.org
Date: Mon, 18 Jul 2022 22:28:13 +0200
Subject: Re: [OE-core] Forced password change in first login
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168257

Hi Livius,

On 6/3/22 23:45, Livius wrote:
> Finally, I found the problem and I could solve it. SHA-256 is too weak to make a password hash, this is why on first login we need to change password always.
>
> Please fix it in Yocto manual ( https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.yoctoproject.org_singleindex.html-23term-2DEXTRA-5FUSERS-5FPARAMS&d=DwIFaQ&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=0uV8RQppxWsB3H_ISKM3TtcskB-MIQyiSP7s0BMWyk5zDyOJ2v-Hmu1z51A1H1Td&s=bI64ytMKJ6c4SoARAXvTxdYfYoS61-EPSeqxAbok8CY&e= ). When I set it to generate sha512crypt hash it works fine, there is no change request on first login.
>

With poky commit 2d1838b7bc ("python3-picobuild: upgrade to 0.2") master branch and the following diff:

diff --git a/meta/recipes-core/images/core-image-minimal.bb=20 b/meta/recipes-core/images/core-image-minimal.bb index 84343adcd8..f21f467bfd 100644 --- a/meta/recipes-core/images/core-image-minimal.bb +++ b/meta/recipes-core/images/core-image-minimal.bb 
@@ -10,3 +10,8 @@ inherit core-image IMAGE_ROOTFS_SIZE ?=3D "8192" IMAGE_ROOTFS_EXTRA_SPACE:append =3D=20 "${@bb.utils.contains("DISTRO_FEATURES", "systemd", " + 4096", "", d)}" + +inherit extrausers + +PASSWD =3D=20 "\$5\$AEz8bdRlSRIc3Ejb\$g3M6ww5SouP5wwkjw126ulgdxNMlLfx5b.hbCRpZMM4" +EXTRA_USERS_PARAMS =3D "usermod -p '${PASSWD}' root; "

with brand new build directory created with

source oe-init-build-env ../build

Then running the qemu image with:

runqemu noslirp nographic

I can successfully login and do not get any request for a password change, even though the password I created was generated as explained in the docs.

Can you give us more info so we can reproduce this and amend the documentation or fix the code for the usecase you found required sha512?

Thanks,
Quentin
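
Review bot: the added `PASSWD` line hard-codes a root password hash, salt included, in core-image-minimal.bb, so every image built from this recipe would carry the same root credential; that is acceptable for a reproducer, but it belongs in local.conf or a throwaway test image rather than in the shared recipe. The hash uses the `\$5\$` (sha256crypt) prefix, which is the case under discussion, so the reproducer would be more conclusive if the resulting root line of the image's /etc/shadow were quoted alongside it. `EXTRA_USERS_PARAMS =` also replaces any value set earlier; `:append` would be the safer form if other user setup is ever present.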

From: Livius
To: openembedded-core@lists.openembedded.org
Date: Mon, 18 Jul 2022 14:48:07 -0700
Subject: Re: Forced password change in first login
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168260

In Yocto Honister, if I use sha256crypt for my password hash, my finished Linux image does not like it, and at first boot it forces me to change it. If I use sha512crypt for my hash, everything is OK at Linux first boot.

From: Quentin Schulz
To: Livius, openembedded-core@lists.openembedded.org
Date: Tue, 19 Jul 2022 14:57:56 +0200
Subject: Re: [OE-core] Forced password change in first login
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168280

Hi Livius,

On 7/18/22 23:48, Livius wrote:
> In Yocto Honister, if I use sha256crypt for my password hash, my finished Linux image does not like it, and at first boot it forces me to change it. If I use sha512crypt for my hash, everything is OK at Linux first boot.
>

Just tested on top of honister branch (fd00d74f47 yocto-bsps: update to v5.10.113) with the same process/diff as given in yesterday's mail. I couldn't reproduce what you experienced.

Is there some minimal reproducer you could give us so that we can make sure this is fixed? I don't want to fix the docs if the issue is actually in the code elsewhere :)

Cheers,
Quentin

From: Livius
To: openembedded-core@lists.openembedded.org
Date: Tue, 19 Jul 2022 12:38:49 -0700
Subject: Re: Forced password change in first login
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168288

I got this "feature" on the Yocto project of Xilinx ( https://xilinx-wiki.atlassian.net/wiki/spaces/A/pages/18841883/Yocto ) rel-v2022.1 (honister). It seems to me my Linux kernel uses SHA-512 by default, because after my first password change I could see the ident number of this encryption in /etc/shadow ( https://www.cyberciti.biz/faq/understanding-etcshadow-file/ ). For all of my pre-made users from Yocto recipes, if they had a SHA-256 password hash, on first login a change was forced. I could solve it after I realized my Linux build likes to generate a SHA-512 password hash at run-time.
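
For the minimal reproducer requested in this thread, the accounts' /etc/shadow lines are the evidence to attach: the scheme identifier in the hash field and the aging fields that, per shadow(5), request a password change at next login. The script below is an added example, not code from the thread or from OE-core; the function names and the sample shadow lines (placeholder salts and digests) are constructed for illustration.

```python
"""Report crypt scheme and password-aging state for shadow(5) entries."""
import time
from dataclasses import dataclass
from typing import List, Optional, Tuple

# crypt(3) identifiers: the text between the first two '$' of the hash field.
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
           "y": "yescrypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}

# Constructed sample in shadow(5) layout; salts and digests are placeholders.
SAMPLE_SHADOW = (
    "root:$5$CONSTRUCTEDSALT$" + "A" * 43 + ":0:0:99999:7:::\n"
    "alice:$6$CONSTRUCTEDSALT$" + "B" * 86 + ":19192:0:99999:7:::\n"
    "bob:$5$CONSTRUCTEDSALT$" + "C" * 43 + ":19000:0:30:7:::\n"
    "daemon:*::0:99999:7:::\n"
)


@dataclass
class ShadowEntry:
    user: str
    scheme: str                  # scheme name, or "locked" / "empty" / "unknown"
    last_change: Optional[int]   # days since 1970-01-01; None = aging disabled
    max_age: Optional[int]       # days before a change is required; None = no limit


def to_int(field: str) -> Optional[int]:
    """Empty shadow fields mean 'not set'."""
    return int(field) if field.strip() else None


def parse_shadow_line(line: str) -> ShadowEntry:
    """Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved"""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    user, pw = fields[0], fields[1]
    if pw == "":
        scheme = "empty"
    elif pw[0] in "!*":
        scheme = "locked"
    elif pw.startswith("$") and pw.count("$") >= 3:
        ident = pw.split("$")[1]
        scheme = SCHEMES.get(ident, f"unknown({ident})")
    else:
        scheme = "unknown"
    return ShadowEntry(user, scheme, to_int(fields[2]), to_int(fields[4]))


def change_required(entry: ShadowEntry, today: int) -> Optional[str]:
    """Return why the next login will demand a new password, else None."""
    if entry.last_change is None:
        return None                          # empty lastchg: aging disabled
    if entry.last_change == 0:
        return "lastchg is 0"                # shadow(5): change at next login
    if entry.max_age is not None and today > entry.last_change + entry.max_age:
        return "maximum age exceeded"
    return None


def report(shadow_text: str, today: int) -> List[Tuple[str, str, Optional[str]]]:
    """One (user, scheme, reason-or-None) row per non-blank shadow line."""
    rows = []
    for line in shadow_text.splitlines():
        if line.strip():
            e = parse_shadow_line(line)
            rows.append((e.user, e.scheme, change_required(e, today)))
    return rows


if __name__ == "__main__":
    today = int(time.time() // 86400)        # days since the epoch, as in shadow(5)
    for user, scheme, reason in report(SAMPLE_SHADOW, today):
        print(f"{user:8} {scheme:12} {reason or 'no change required'}")
```

Feeding `report()` the contents of the built image's etc/shadow, once for a sha256crypt build and once for a sha512crypt build, shows whether the two images differ only in the hash field or also in the aging fields.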