ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

Should root and 'admin' password be expired during kickstart? #5159

Open shawndwells opened 4 years ago

shawndwells commented 4 years ago

SB-237, a law passed in California, contains the following text:


(b) Subject to all of the requirements of subdivision (a), if a connected device is equipped with a means for authentication outside a local area network, it shall be deemed a reasonable security feature under subdivision (a) if either of the following requirements are met: (1) The preprogrammed password is unique to each device manufactured. (2) The device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.

Many sample kickstart files have template credentials. For example: https://github.com/ComplianceAsCode/content/blob/master/rhel8/kickstart/ssg-rhel8-ospp-ks.cfg#L55#L65

Per an idea from Steve Grubb, should we include "passwd -e" for those accounts, perhaps in the %post section?

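An added example, not part of the issue or of the ComplianceAsCode kickstart files: the %post fragment the comment above proposes, plus a check for its effect. `passwd -e` (equivalently `chage -d 0`) sets the "last password change" field (third field) of the account's /etc/shadow entry to 0, which makes the system demand a new password at the next login; the check reads that field. Assumed: the accounts named (here "root" and "admin") exist in the installed system when %post runs, which with Anaconda's default chrooted %post means the target system's /etc/shadow is the one modified. The shadow lines and hashes below are constructed placeholders.

```shell
#!/bin/sh
# Added example; assumptions: accounts exist at %post time, sample data is constructed.

# Print a kickstart %post fragment that expires the given accounts' passwords.
# passwd -e writes 0 into the "last change" field of /etc/shadow, forcing a
# password change at next login (the "new means of authentication" SB-327 asks for).
ks_post_expire_snippet() {
    printf '%%post --log=/root/ks-post.log\n'
    for acct in "$@"; do
        printf 'passwd -e %s\n' "$acct"
    done
    printf '%%end\n'
}

# Read shadow-format lines on stdin; return 0 when the named user's entry has
# last-change == 0 (password expired), 1 when it does not or the user is absent.
# Note: an empty third field disables aging and is NOT treated as expired.
shadow_password_expired() {
    awk -F: -v u="$1" '
        $1 == u { found = 1; if ($3 == "0") ok = 1 }
        END { if (found && ok) exit 0; exit 1 }'
}

# Constructed sample /etc/shadow content (hashes are placeholders, not real):
# root has been expired by passwd -e, admin has not.
SAMPLE_SHADOW='root:$6$placeholder$hash:0:0:99999:7:::
admin:$6$placeholder$hash:19000:0:99999:7:::
bin:*:18000:0:99999:7:::'

# Convenience wrapper for the sample data; on a real system use
#   shadow_password_expired root < /etc/shadow
check_sample() {
    printf '%s\n' "$SAMPLE_SHADOW" | shadow_password_expired "$1"
}

# Stand-alone run: show the fragment and report on the sample accounts.
ks_post_expire_snippet root admin
for u in root admin; do
    if check_sample "$u"; then echo "$u: must change password at next login"
    else echo "$u: not expired"; fi
done
```

On an installed system the same state is visible with `chage -l root`, whose "Last password change" line reads "password must be changed" once the field is 0. The fragment only affects accounts that already exist when %post runs, so it has to come after the `rootpw` and `user` lines that create them.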
marcusburghardt commented 1 year ago

It seems worth at least including a comment about this in the kickstart files used as reference.