On (30/11/16 05:47), Simo Sorce wrote:
On Wed, 2016-11-30 at 00:22 +0100, Lukas Slebodnik wrote:
> On (29/11/16 23:05), Michael Ströder wrote:
> >Jakub Hrozek wrote:
> >> Would "sss_seed" help here to add a temporary password for
> >> some 'operator' account even if this operator never logged
> >> in? e.g.
https://linux.die.net/man/8/sss_seed
> >
> >AFAICS it needs the password in cleartext. Right?
> >
> man 8 sss_sed says:
>
> -p,--password-file PASS_FILE
> Specify file to read user's password from. (if not specified
> password is prompted for)
>
> password in test file need to be in cleartext.
> But without this option you will be propted in the similar was as with
> changing password with `passwd`
How hard would it be to allow to pass in a pre-hashed password ?
ATM,
we use sysdb_cache_password in the tool which
create sha512 salted hash itself before storing it to cache.
IMHO, it would not be a a problem to pass pre-hashed password
We might want to check that it's valid sha512 or we can skip validation
and store it to directly as string.
So answer is it will not be hard but also probably not a high
priority. Feel free to file a ticket.
LS