Hello Team,
My customer is going into mass production and he would like to have one master 'root' password for all their devices.
By default, the login on "root" is enabled on yocto, to enable quicker development and debugging.
This feature is enabled by setting the flag "debug-tweaks" in local.conf file in yocto build.
The exact line looks like this:
EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
The way to add a password according to yocto is:
firstly to comment out the 'debug-tweaks' flag, so the yocto does not force an empty root password, and it is expected from the developer to provide one
secondly is to provide a password and/or other users into the image like this:
INHERIT += "extrausers"
EXTRA_USERS_PARAMS = "usermod -p '$(openssl passwd TEST1234)' root;"
Please find the customer inquiries below:
1) With the above configuration, we have a working root password but is limited to only 8 characters,
Please advise back on how to overcome the characters limitation in log-in password on the?
2) also with the method above we are forced to change the password of root when we log-in to the system for the first time.
Please advise how we can avoid from the system to request changing the password when login to the system for the first time?
Waiting for your kind feedback, Thanks a lot.
KR,
Shai
Hi @shai_b ,
I hope you're having a great day. Could you let us know the Yocto version as well as de BSP version your client is using?
Best regards,
Hector.
Hi @shai_b ,
I'm currently reviewing this case, sorry for the delay.
Best regards,
Hector.
Hi @shai_b ,
I hope you're doing well. Has your customer tried another form of encryption for the password? For example, the Yocto documentation uses the following as an example:
mkpasswd -m sha256crypt tester01
Which it's result ends up assigned to a variable and then to the specific user:
inherit extrausers PASSWD = "\$X\$ABC123\$A-Long-Hash" EXTRA_USERS_PARAMS = "\ useradd -p '${PASSWD}' root; "
I'd also like to add the following warning mentioned in the documentation:
"NOTE: From a security perspective, hardcoding a default password is not generally a good idea or even legal in some jurisdictions. It is recommended that you do not do this if you are building a production image."
Let me know if this information was helpful.
Best regards,
Hector,
The Yocto release is "Honister" (kernel v5.15.5), used for imx8mm-evk image.
Waiting for your kind feedback, Thanks a lot.
KR,
Shai