Re: cgdconfig -e and a couple of small improvements

To: current-users%NetBSD.org@localhost
Subject: Re: cgdconfig -e and a couple of small improvements
From: Alexander Nasonov <alnsn%yandex.ru@localhost>
Date: Thu, 10 May 2018 00:20:25 +0100

Alexander Nasonov wrote:
> # cgdconfig -eC
> /dev/wd0f's passphrase (echo):123456

This is now in the tree. I took out _SC_PASS_MAX from the patch before
committing because _SC_PASS_MAX has been removed from POSIX.

> Java-based console on one of my servers is so bad I can't enter
> a passphrase correctly unless it echoed.

The new option is also useful for changing a passphrase (cgdconfig -G).
It is a very scary operation because cgdconfig doesn't verify your
old passphrase and it doesn't ask you to re-enter your new passphrase.

Echoing both old and new passphases gives you greater piece of mind.

# cgdconfig -Ge /etc/cgd/backup-sd0d
old file's passphrase (echo):123
new file's passphrase (echo):345
cgdconfig: keygen pkcs5_pbkdf2/sha1 does not need a `key'
algorithm aes-cbc;
iv-method encblkno1;
keylength 256;
verify_method disklabel;
keylength 256;
verify_method disklabel;
keygen pkcs5_pbkdf2/sha1 {
        iterations [REDACTED];
        salt [REDACTED];
};
keygen storedkey key [REDACTED];

-- 
Alex

References:
- cgdconfig -e and a couple of small improvements
  - From: Alexander Nasonov

Prev by Date: Automated report: NetBSD-current/i386 build success
Next by Date: daily CVS update output
Previous by Thread: cgdconfig -e and a couple of small improvements
Next by Thread: adding devices to puc(4)
Indexes:

Home | Main Index | Thread Index | Old Index