Jabber Server?

Adrian Reber adrian at lisas.de
Mon Mar 7 18:02:50 UTC 2005


On Mon, Mar 07, 2005 at 10:11:16AM +0100, Enrico Scholz wrote:
> adrian at lisas.de (Adrian Reber) writes:
> >> [... jabber ...]
> >> 1) The default password is somehow securely handled.  I didn't read too 
> >> carefully, how was this resolved?
> >
> > A random password is created during installation.
> 
> mmh...

yeah, I know :-)

> |      export NEWPASS="$RANDOM-newpass-$RANDOM"
> |      cd %{sysconfdir}
> |      %{__perl} -pi -e "s,<secret>secret</secret>,<secret>$NEWPASS</secret>,g" router-users.xml
> |      %{__perl} -pi -e "s,<secret>secret</secret>,<secret>$NEWPASS</secret>,g" router.xml
> |      %{__perl} -pi -e "s,<pass>secret</pass>,<pass>$NEWPASS</pass>,g" *.xml
> 
> 1. the password is random, but not secure (only 32 bit); you could do
> 
>    | dd if=/dev/urandom bs=20 count=1 | sha1sum
> 
>    which creates an 80bit password

very nice idea. I will use it.

> 2. the new password is visible with 'ps'; when you add the dependency on
>    'perl' (dunno, if jabber really requires it), you could read it from
>    the $NEWPASS environment variable.
> 
>    But when 'perl' is not required for jabberd functionality, the entire
>    script should be rewritten to remove this dep.

It is true that I could replace all the perl stuff with sed, and will do
it, but how would you circumvent that the password can be seen with ps
during jabberd installation?

		Adrian
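
One way to do the substitution discussed above without the password showing up in `ps`, as an added example (not part of the original thread or the package's spec file): it reuses the /dev/urandom pipeline quoted above and hands the expressions to sed through a private script file instead of the command line. The function names, and applying both patterns to every *.xml file in the given directory, are assumptions.

```shell
#!/bin/sh
# Added example: replace the default "secret" in the jabberd XML files
# without ever putting the new password into a process argument list.

# gen_pass: 20 bytes from /dev/urandom, hashed to 40 hex characters.
# The value only travels through pipes, never through argv.
gen_pass() {
    dd if=/dev/urandom bs=20 count=1 2>/dev/null | sha1sum | cut -d' ' -f1
}

# set_router_secret DIR: rewrite the placeholder in DIR/*.xml.
# Returns non-zero if password generation or any rewrite fails.
set_router_secret() {
    dir=$1
    pass=$(gen_pass)
    # Refuse to continue with an empty or truncated password.
    [ "${#pass}" -eq 40 ] || return 1
    # mktemp creates its files with mode 0600 (owner only).
    script=$(mktemp) || return 1
    out=$(mktemp) || { rm -f "$script"; return 1; }
    # printf is a builtin in bash and dash, so no new process is
    # started with the password among its arguments.
    # Hex output contains no characters special to sed.
    printf 's,<secret>secret</secret>,<secret>%s</secret>,g\n' "$pass" > "$script"
    printf 's,<pass>secret</pass>,<pass>%s</pass>,g\n' "$pass" >> "$script"
    rc=0
    for f in "$dir"/*.xml; do
        [ -f "$f" ] || continue
        # ps shows only: sed -f /tmp/tmp.XXXXXX <file>
        # cat back into the original keeps its owner and permissions.
        sed -f "$script" "$f" > "$out" && cat "$out" > "$f" || rc=1
    done
    rm -f "$script" "$out"
    unset pass
    return $rc
}
```

In an RPM scriptlet this would be called as `set_router_secret %{sysconfdir}`; the config files themselves still need restrictive permissions, since they hold the password afterwards.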



