UUIDs and Security

[knowmad]

So, in another (actually several other) threads there has been an ongoing discussion about account creation and UUIDs. Several people who seem to know what they are talking about are advocating using a single UUID across all machines for the Admin account so that you can easily change the password via a push of the hashed password file.

What are the Security Pros and Cons for this?

The pro is an easy and fast way to change the local admin password across all machines…..

What, if any, are the drawbacks of this plan?

[akinspe]

Well I think you can make an argument that it’s security agnostic. The reason being that all those files and their folders are root readable only, and so if someone’s rooted you already then all the UUID changing in the world won’t matter.

I can see merits in both methods. But you could just as easily write a script that quickly looks up the UUID on your box and the writes the hash to the appropriate file. It’s not as dumb plumb easy as simply copying a file, but once created it’s just as easy to deploy.

I can’t think of any significant drawbacks. Part of the flexible add user package I’m creating will allow the ability to either specify the UUID or let it auto generate one. So it’ll be your choice.

[knowmad]

ok, now I am REALLY interested in seeing this new tool of yours…..

[Author]

Posts