diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-05-22 15:34:39 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2020-05-22 15:34:39 +0200 |
| commit | 38747960151d3e7d31966f3663aa69f563d8e326 (patch) | |
| tree | 945d8763b8a2d27f930c0e10602ebe81418cd6d7 /src/conf_mode | |
| parent | 4414803c35587e50a77f4493f45326068f566c11 (diff) | |
| download | vyos-1x-38747960151d3e7d31966f3663aa69f563d8e326.tar.gz vyos-1x-38747960151d3e7d31966f3663aa69f563d8e326.zip | |
login: T2492: force setting of encrypted password on first boot
Diffstat (limited to 'src/conf_mode')
| -rwxr-xr-x | src/conf_mode/system-login.py | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index e6dfd544b..349dcce2a 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -232,9 +232,13 @@ def generate(login): "authentication encrypted-password '{password_encrypted}'" .format(**user), env=env) - elif user['password_encrypted']: - # unset encrypted password so we do not update it with the same - # value again and thus it will not appear in system logs + elif getspnam(user['name']).sp_pwdp == user['password_encrypted']: + # If the current encrypted bassword matches the encrypted password + # from the config - do not update it. This will remove the encrypted + # value from the system logs. + # + # The encrypted password will be set only once during the first boot + # after an image upgrade. user['password_encrypted'] = '' if len(login['radius_server']) > 0: |