On Thu, Mar 30, 2023 at 3:55 AM Kathy L <[email protected]> wrote:
> I currently have a task that adds a grub password so if the user wants to > change anything in grub they have to enter the proper user and password. > > The problem is that I have it working only when I generate the password by > hand using grub-mkpasswd-pbkdf2 enter the password twice, which generates > the hash. I then paste the hash into the variable "grub_password". > > The problem is I want to generate a random grub password on the fly and > pass this password to grub-mkpasswd-pbkdf2 to generate the hash, then put > the hash into a variable. I cannot figure out how to do this. Do I have to > use the expect module to feed the random generated password into > grub-mkpasswd-pdkdf2? > I'd stay away from expect. > > I've scoured online but everyone seems to have generated the hash > beforehand. Any ideas how I can do this? > Here is some python code that is completely unverified: https://github.com/ryran/burg2-mkpasswd-pbkdf2 I just recently did this in puppet (ruby based): def default_grub_mkpasswd_pbkdf2( clear_text, salt, rounds = 10000 ) require 'openssl' digest = OpenSSL::Digest::SHA512.new hashed_password = OpenSSL::PKCS5.pbkdf2_hmac(clear_text, salt, rounds, digest.digest_length, digest).unpack('H*').first.upcase return "grub.pbkdf2.sha512.#{rounds}.#{salt.unpack('H*').first.upcase}.#{hashed_password}" end I know that is a ruby, but it shouldn't be hard to translate. If you pass it the same salt each time, you'll get the same hash each time. That is, it is deterministic. Cheers, -m -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAOLfK3VWFpDRySOX7j8wutqoQcdsnQ-jL7caf2_rNzkUmgEY%3Dg%40mail.gmail.com.
