Obsolete security.initialPassword

You can now set users.extraUsers.root.initialHashedPassword instead.
Eelco Dolstra 2014-11-03 12:30:54 +01:00
parent f8f787b800
commit f496c3cbe4
5 changed files with 11 additions and 28 deletions


@ -426,24 +426,12 @@ in {
options = [ groupOpts ];
};
# FIXME: obsolete - will remove.
security.initialRootPassword = mkOption {
type = types.str;
default = "!";
example = "";
description = ''
The (hashed) password for the root account set on initial
installation. The empty string denotes that root can login
locally without a password (but not via remote services such
as SSH, or indirectly via <command>su</command> or
<command>sudo</command>). The string <literal>!</literal>
prevents root from logging in using a password.
Note that setting this option sets
<literal>users.extraUsers.root.hashedPassword</literal>.
Also, if <literal>users.mutableUsers</literal> is false
you cannot change the root password manually, so in that case
the name of this option is a bit misleading, since it will define
the root password beyond the user initialisation phase.
'';
visible = false;
};
};
@ -461,7 +449,7 @@ in {
shell = mkDefault cfg.defaultUserShell;
group = "root";
extraGroups = [ "grsecurity" ];
hashedPassword = mkDefault config.security.initialRootPassword;
initialHashedPassword = mkDefault config.security.initialRootPassword;
};
nobody = {
uid = ids.uids.nobody;
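Review bot: The now-hidden `security.initialRootPassword` option loses its description, so the meaning of its two special values is no longer written down in this file section: `""` lets root log in locally with no password and `!` locks password login. Since the root user still takes its default from it (`initialHashedPassword = mkDefault config.security.initialRootPassword;` in the second hunk), I would keep a short comment beside the FIXME, for example `# "" = passwordless local root login, "!" = password login locked (default); set users.extraUsers.root.initialHashedPassword instead`. The switch from `hashedPassword` to `initialHashedPassword` also looks like a behaviour change for existing configurations: the value presumably now applies only when the root account is first created, so changing it later to a real hash may not take effect on an installed system with mutable users, which deserves a line in the release notes. The EC2 section further down appears to drop its explicit `mkDefault "!"`, which leaves that image relying on this option's default staying `!`. Both hunks cut through attribute sets that start and end outside them.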


@ -49,5 +49,5 @@ with lib;
boot.supportedFilesystems = [ "zfs" "btrfs" ];
# Allow the user to log in as root without a password.
security.initialRootPassword = "";
users.extraUsers.root.initialHashedPassword = "";
}
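Review bot: The new assignment `users.extraUsers.root.initialHashedPassword = "";` is made at normal priority, while the test and Docker sections of this commit use `mkDefault ""` for the same option. If that difference is not deliberate, `users.extraUsers.root.initialHashedPassword = mkDefault "";` would let a configuration that imports this profile set a real root hash without a force override. The comment above it could also name which logins the empty hash is expected to cover, since the option description that explained this is removed in the same commit.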


@ -98,7 +98,7 @@ let kernel = config.boot.kernelPackages.kernel; in
networking.usePredictableInterfaceNames = false;
# Make it easy to log in as root when running the test interactively.
security.initialRootPassword = mkDefault "";
users.extraUsers.root.initialHashedPassword = mkDefault "";
};


@ -191,10 +191,5 @@ in
environment.systemPackages = [ pkgs.cryptsetup ];
boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
# Prevent logging in as root without a password. This doesn't really matter,
# since the only PAM services that allow logging in with a null
# password are local ones that are inaccessible on EC2 machines.
security.initialRootPassword = mkDefault "!";
};
}


@ -38,8 +38,8 @@ in {
'';
# docker image config
require = [
# Docker image config.
imports = [
../installer/cd-dvd/channel.nix
../profiles/minimal.nix
../profiles/clone-config.nix
@ -47,16 +47,16 @@ in {
boot.isContainer = true;
# Iptables do not work in docker
# Iptables do not work in Docker.
networking.firewall.enable = false;
services.openssh.enable = true;
# Socket activated ssh presents problem in docker
# Socket activated ssh presents problem in Docker.
services.openssh.startWhenNeeded = false;
# Allow the user to login as root without password
security.initialRootPassword = "";
# Allow the user to login as root without password.
users.extraUsers.root.initialHashedPassword = mkDefault "";
# Some more help text.
services.mingetty.helpLine =
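Review bot: The empty root hash on the last changed line sits in the same block as `services.openssh.enable = true;` and `networking.firewall.enable = false;`, and nothing visible here states that the passwordless login is limited to local sessions. Whether root stays unreachable over SSH with an empty password depends on the sshd and PAM defaults, which are outside this hunk, so the comment should carry that assumption, for example `# Passwordless root is for local/console login only; sshd must keep rejecting empty passwords.`. Using `mkDefault` here is a good change, because image users can now set their own hash at normal priority. The attribute set continues past the end of the hunk.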