 From:  Michal Bartkowiak <mailing at digital dot nonspace dot net>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] unencrypted webGUI default password
 Date:  Sat, 20 Aug 2005 09:55:50 +0200
On Fri, 19 Aug 2005 15:57:54 -0400
Chris Buechler <cbuechler at gmail dot com> wrote:

> > In all configuration files the default password is encrypted, but how to
> > get rid of the unencrypted system password in /etc/rc.initial.password ?
> 
> why bother?  I'm sure it's there for reset to factory, or something

Yes, it's the default password. Why bother? Because I like to keep ALL my
passwords secret, no matter if it's default or what (of course I assume
that this password is something else than "mono" ;)). The second reason is
that a friend asked me if I could prepare a m0n0wall image with modified
default settings/rules/services for him.. and I don't want to know his
password.

> similar to that.  The only way to get that file is to either
> physically steal the firewall, or have root access.  In either case,
> the clear default password, which is far from a secret anyway, in
> rc.initial.password is the least of your concerns.

A password, like the definition says, is something secret. But it's
true that if someone steals my m0n0wall then I'll have bigger problems.
Anyway, some nice people gave me the answer off-list, so I put it here for
those who bother.

Run crypt("yourpasswordhere") and put it in place of the crypt
function (which will return the encrypted value)

$config['system']['password'] = crypt("mono");
to
$config['system']['password'] = '$1$2xGLA75j$W/jiJc00HYBZX7kFjxjQv0';
(I know, in this example it is still "mono").

--
Michal Bartkowiak
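
Added example, not part of the original message and not m0n0wall code: a PHP command-line script that produces the replacement line described above without the password appearing in the image or on the command line. It assumes a PHP CLI on a workstation whose crypt() supports MD5-crypt (the `$1$` format of the hash in the message); the function names are hypothetical. The literal is emitted in single quotes because inside double quotes PHP treats `$` followed by a letter as a variable and would silently alter the hash.

```php
<?php
// Added example (not m0n0wall code). Usage: php mkhash.php
// The password is read from stdin so it stays out of argv and shell history.

function md5crypt_hash(string $password): string
{
    // "$1$" selects MD5-crypt, the format of the hash quoted in the message.
    // Salt is 8 chars from [./0-9A-Za-z]; 6 random bytes base64-encode to 8.
    $salt = strtr(base64_encode(random_bytes(6)), '+', '.');
    $hash = crypt($password, '$1$' . $salt . '$');
    // On failure crypt() returns a short marker such as "*0", not a hash.
    if (strlen($hash) !== 34 || strncmp($hash, '$1$', 3) !== 0) {
        throw new RuntimeException('crypt() did not return an MD5-crypt hash');
    }
    return $hash;
}

function breaks_in_double_quotes(string $hash): bool
{
    // In a double-quoted PHP string, "$" followed by a letter or "_" starts a
    // variable name; an undefined variable expands to an empty string.
    return preg_match('/\$[A-Za-z_]/', $hash) === 1;
}

function config_line(string $hash): string
{
    // var_export() produces a single-quoted literal, which PHP never expands.
    return "\$config['system']['password'] = " . var_export($hash, true) . ';';
}

fwrite(STDERR, 'New default password: ');
$password = rtrim((string) fgets(STDIN), "\r\n");
if ($password === '') {
    fwrite(STDERR, "Empty password, nothing written.\n");
    exit(1);
}

$hash = md5crypt_hash($password);

// Round trip: re-hashing with the stored hash as salt must reproduce it.
if (!hash_equals($hash, crypt($password, $hash))) {
    fwrite(STDERR, "Verification failed, do not use this hash.\n");
    exit(1);
}
if (breaks_in_double_quotes($hash)) {
    fwrite(STDERR, "Note: keep the single quotes when pasting this line.\n");
}
echo config_line($hash), "\n";
```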