The HP-provided OS Build Plans use custom attributes to set the administrator or root password for new installations.
-
The custom attribute
EncryptedAdminPasswordis used to set the “Administrator” password on a new Windows installation. -
The custom attribute
encrypted_root_passwordis used to set the “root” password on a new Linux and vSphere/ESXi installation.
You can set this custom attribute for OS Build Plans, individual servers, device groups, or at the facility level if you want to apply the encrypted passwords to all new installations. The value of these custom attributes must be the encrypted version of the password you are trying to set. This prevents the password from being shown in clear text.
The default value for the encrypted password if no custom attribute is specified is:
|
|
|
![[CAUTION: ]](images/caution.gif) |
CAUTION: HP strongly recommends changing the default administrator or root password before deploying a Build Plan to any servers. |
|
|
Creating an encrypted Windows Password
You can add an encrypted Windows password as a custom attribute as follows.
Generate an encrypted Windows password using one of the following methods:
-
Method 1—To generate an encrypted Windows password:
-
Use the Windows System Image Manager tool (available after Microsoft Windows AIK or ADK is installed).
-
Open a Windows image (or catalog file) and create a new answer file.
-
Add password settings to the answer file:
Microsoft-Windows-Shell-Setup | UserAccounts | AdministratorPassword. And add a value to the Administrator password setting. Then on the Tools menu, select Hide Sensitive Data. -
Save the answer file and open the generated
unattend.xmlfile to copy the password.
-
-
Method 2—To generate an encrypted Windows password, use the following command on a Linux system:
echo '<the password you want encoded>AdministratorPassword' | iconv -f UTF-8 -t UCS-2 | base64
For example
echo ‘ChangeMe123!AdministratorPassword’ | iconv -f UTF-8 -t UCS-2 | base64.
After you have generated an encrypted password, create a new custom attribute named EncryptedAdminPassword and enter the resulting encrypted password as the password value.
Creating an encrypted Linux or vSphere/ESXi password
You can add an encrypted Linux password as a custom attribute as follows.
Generate an encrypted Linux or vSphere/ESXi password using one of the following methods:
-
Method 1—To generate an encrypted password for Linux or vSphere/ESXi use the following
openssl passwdcommand on a Linux system:openssl passwd -1 -salt <some random string> <the password you want encrypted>
For example
openssl passwd –1 —salt 7z4m7f1z ChangeMe123!will generate an encrypted password for the default password ChangeMe123!.It will look like
$1$7z4m7f1z$wliShMhVv2HuCAPmuiQzV1(where 1 is the algorithm used, MD5 in this case,7z4m7f1zis the random string prepended to the password before hashing andwliShMhVv2HuCAPmuiQzV1is the result of the hashing). -
Method 2—To generate an encrypted password for Linux or vSphere/EXSi:
From a separate previously configured Linux server using the same password, copy the hashed password for the appropriate account (typically root) from
/etc/shadow.
After you have generated an encrypted password, create a new custom attribute named encrypted_root_password and enter the complete string of the resulting output (example: $1$7z4m7f1z$wliShMhVv2HuCAPmuiQzV1) as the password value.