diff mbox series

[isar-cip-core,v2,1/2] kas/opt/security.yml : Change password to fit pam_passwdqc policy

Message ID 20230705073358.16663-2-Sai.Sathujoda@toshiba-tsip.com (mailing list archive)
State Accepted
Headers show
Series Modifying security customizations due to deprecation of libpam-cracklib from bookworm | expand

Commit Message

Sai.Sathujoda@toshiba-tsip.com July 5, 2023, 7:33 a.m. UTC 
From: Sai <Sai.Sathujoda@toshiba-tsip.com>

Since we using pam_passwdqc from bookworm, our current security image login password
does not meet the requirements based on the below given pam_passwdqc policy.

When calculating the number of character classes, upper-case letters used as the
first character and digits used as the last character of a password are not counted.
This makes our password to have only 3 character classes. Hence we are adding multiple
capital characters to make the total number of character classes as 4.

Signed-off-by: Sai <Sai.Sathujoda@toshiba-tsip.com>
---
 kas/opt/security.yml                                | 2 +-
 recipes-core/security-customizations/files/postinst | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/kas/opt/security.yml b/kas/opt/security.yml
index 4d11905..1f3745b 100644
--- a/kas/opt/security.yml
+++ b/kas/opt/security.yml
@@ -16,7 +16,7 @@  target: cip-core-image-security
 local_conf_header:
   root_password: |
     USERS += "root"
-    USER_root[password] = "Cipsecurity@123"
+    USER_root[password] = "CIPsecurity@123"
     USER_root[flags] = "clear-text-password"
   adjust-swupdate: |
     ABROOTFS_IMAGE_RECIPE = "cip-core-image-security"
diff --git a/recipes-core/security-customizations/files/postinst b/recipes-core/security-customizations/files/postinst
index 77a2713..f7dd18c 100644
--- a/recipes-core/security-customizations/files/postinst
+++ b/recipes-core/security-customizations/files/postinst
@@ -6,7 +6,7 @@ 
 
 set -e
 
-echo "CIP Core Security Image (login: root/Cipsecurity@123)" > /etc/issue
+echo "CIP Core Security Image (login: root/CIPsecurity@123)" > /etc/issue
 
 HOSTNAME=demo
 echo "$HOSTNAME" > /etc/hostname