imx8 | root and user password issue

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

imx8 | root and user password issue

2,721件の閲覧回数
shai_b
Senior Contributor II

Hello Team,

My customer is going into mass production and he would like to have one master 'root' password for all their devices.

By default, the login on "root" is enabled on yocto, to enable quicker development and debugging.

This feature is enabled by setting the flag "debug-tweaks" in local.conf file in yocto build.

The exact line looks like this:

EXTRA_IMAGE_FEATURES ?= "debug-tweaks"

The way to add a password according to yocto is:

firstly to comment out the 'debug-tweaks' flag, so the yocto does not force an empty root password, and it is expected from the developer to provide one

secondly is to provide a password and/or other users into the image like this:
INHERIT += "extrausers"
EXTRA_USERS_PARAMS = "usermod -p '$(openssl passwd TEST1234)' root;"

Please find the customer inquiries below:

1) With the above configuration, we have a working root password but is limited to only 8 characters,

Please advise back on how to overcome the characters limitation in log-in password on the?

2) also with the method above we are forced to change the password of root when we log-in to the system for the first time.

Please advise how we can avoid from the system to request changing the password when login to the system for the first time?

 

Waiting for your kind feedback, Thanks a lot.

KR,

Shai

ラベル(3)
タグ(1)
0 件の賞賛
返信
6 返答(返信)

2,693件の閲覧回数
hector_delgado
NXP TechSupport
NXP TechSupport

Hi @shai_b ,

I hope you're having a great day. Could you let us know the Yocto version as well as de BSP version your client is using?

Best regards,
Hector.

0 件の賞賛
返信

2,664件の閲覧回数
shai_b
Senior Contributor II
@hector Hello,

There is any update?
I am still waiting for your kind feedback.
Thanks in advance
KR,
Shai
0 件の賞賛
返信

2,647件の閲覧回数
hector_delgado
NXP TechSupport
NXP TechSupport

Hi @shai_b ,

I'm currently reviewing this case, sorry for the delay.

Best regards,
Hector.

0 件の賞賛
返信

2,605件の閲覧回数
shai_b
Senior Contributor II

@hector_delgado Hello,

There is any news?

Kind regards,

Shai

0 件の賞賛
返信

2,582件の閲覧回数
hector_delgado
NXP TechSupport
NXP TechSupport

Hi @shai_b ,

I hope you're doing well. Has your customer tried another form of encryption for the password? For example, the Yocto documentation uses the following as an example:

mkpasswd -m sha256crypt tester01

Which it's result ends up assigned to a variable and then to the specific user:

inherit extrausers
PASSWD = "\$X\$ABC123\$A-Long-Hash"
EXTRA_USERS_PARAMS = "\
    useradd -p '${PASSWD}' root; 
    "

 I'd also like to add the following warning mentioned in the documentation:

"NOTE: From a security perspective, hardcoding a default password is not generally a good idea or even legal in some jurisdictions. It is recommended that you do not do this if you are building a production image."

Let me know if this information was helpful.

Best regards,
Hector,

0 件の賞賛
返信

2,681件の閲覧回数
shai_b
Senior Contributor II

@hector_delgado ,

The Yocto release is "Honister" (kernel v5.15.5), used for imx8mm-evk image.

Waiting for your kind feedback, Thanks a lot.

KR,

Shai

0 件の賞賛
返信