Documentation< Previous | Contents | Next >
The password for the root account and name and password for a first regular user’s account can be preseeded. For the passwords you can use either clear text values or crypt(3) hashes.
Warning
Be aware that preseeding passwords is not completely secure as everyone with access to the precon- figuration file will have the knowledge of these passwords. Storing hashed passwords is considered secure unless a weak hashing algorithm like DES or MD5 is used which allow for bruteforce attacks. Recommended password hashing algorithms are SHA-256 and SHA512.
# Skip creation of a root account (normal user account will be able to
# use sudo). The default is false; preseed this to true if you want to set
# a root password.
#d-i passwd/root-login boolean false
# Alternatively, to skip creation of a normal user account.
#d-i passwd/make-user boolean false
# Root password, either in clear text
#d-i passwd/root-password password r00tme
#d-i passwd/root-password-again password r00tme
# or encrypted using a crypt(3) hash.
#d-i passwd/root-password-crypted password [crypt(3) hash]
# To create a normal user account.
#d-i passwd/user-fullname string Ubuntu User
#d-i passwd/username string ubuntu
# Normal user’s password, either in clear text
#d-i passwd/user-password password insecure
#d-i passwd/user-password-again password insecure
# or encrypted using a crypt(3) hash.
#d-i passwd/user-password-crypted password [crypt(3) hash]
# Create the first user with the specified UID instead of the default.
#d-i passwd/user-uid string 1010
# The installer will warn about weak passwords. If you are sure you know
# what you’re doing and want to override it, uncomment this.
#d-i user-setup/allow-password-weak boolean true
# The user account will be added to some standard initial groups. To
# override that, use this.
#d-i passwd/user-default-groups string audio cdrom video
# Set to true if you want to encrypt the first user’s home directory.
d-i user-setup/encrypt-home boolean false
The passwd/root-password-crypted and passwd/user-password-crypted variables can also be preseeded with “!” as their value. In that case, the corresponding account is disabled. This may be convenient for the root account, provided of course that an alternative method is set up to allow administrative activities or root login (for instance by using SSH key authentication or sudo).
The following command (available from the whois package) can be used to generate a SHA-512 based crypt(3) hash for a password:
mkpasswd -m sha-512