[Pkg-shadow-devel] Bug#304343: marked as done ([POST-SARGE]
preseeding disabled passwords)
Debian Bug Tracking System
owner at bugs.debian.org
Thu Oct 13 18:48:29 UTC 2005
Your message dated Thu, 13 Oct 2005 11:32:08 -0700
with message-id <E1EQ7s8-0001XR-00 at spohr.debian.org>
and subject line Bug#304343: fixed in shadow 1:4.0.13-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 12 Apr 2005 14:40:22 +0000
>From debian at layer-acht.org Tue Apr 12 07:40:22 2005
Return-path: <debian at layer-acht.org>
Received: from bone.digitalis.org [212.12.48.27]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DLMYw-0007Lu-00; Tue, 12 Apr 2005 07:40:22 -0700
Received: from localhost (bone [127.0.0.1])
by bone.digitalis.org (Postfix) with ESMTP id 7D40C329948
for <submit at bugs.debian.org>; Tue, 12 Apr 2005 16:39:59 +0200 (CEST)
Received: from bone.digitalis.org ([127.0.0.1])
by localhost (bone [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
id 07109-04 for <submit at bugs.debian.org>;
Tue, 12 Apr 2005 16:39:59 +0200 (CEST)
Received: from matrix.athome (c212252.adsl.hansenet.de [213.39.212.252])
(using SSLv3 with cipher RC4-MD5 (128/128 bits))
(Client did not present a certificate)
by bone.digitalis.org (Postfix) with ESMTP id F2F47329947
for <submit at bugs.debian.org>; Tue, 12 Apr 2005 16:39:58 +0200 (CEST)
From: Holger Levsen <debian at layer-acht.org>
To: submit at bugs.debian.org
Subject: preseeding disabled passwords
Date: Tue, 12 Apr 2005 16:39:32 +0200
User-Agent: KMail/1.7.1
MIME-Version: 1.0
Content-Type: multipart/signed;
boundary="nextPart1406437.pc0xusUSZS";
protocol="application/pgp-signature";
micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200504121639.41013.debian at layer-acht.org>
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at digitalis.org
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
--nextPart1406437.pc0xusUSZS
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
package: shadow
severity: wishlist
Hi,
I would like to be able (post sarge :) to preseed (with d-i) disabled=20
passwords. So I could disable the root account and pull user data from ldap=
=20
or with ssh's authorized_keys.
Some log bits from our discussion on #debian-boot
<h01ger> bubulle: i'm strictly against asking for passwords only once. How =
to=20
detect typos that way ? There is no way so people will choose passwords lik=
e=20
"mate" or "123" :-( If you ask for passwords, you have to confirm them. For=
=20
critical installation mode, $disabled as a password would be much more=20
handy :)
<bubulle> As shadow maintainer now (sigh), I will implement what is judged =
as=20
most appropriate by the d-i team, as this feature is only used during=20
installs
<bubulle> sam for the groups the first created user should belong too (I=20
*will* deal with that post-sarge...but, again, after taking opinions from=20
either the d-i team, or the technical comitee, or by starting a flamew^W=20
discussion in -devel
<aba> bubulle: well, a nice thing would be to allow to not set any root pw =
=2E..
<bubulle> aba: you mean, disable it as h01ger suggested?
<h01ger> bubulle: you might even argue that it's a debian decision. as=20
"ergonomic user interfaces" are demanded by some laws (you are not allowed =
to=20
use unergonomic software) and entering a password only once is against all=
=20
users expectations. - even admins have a right for ergonomic software :-) b=
ut=20
i absolutly agree with post-sarge and team-decision.
<bubulle> I also intend to deal with the suggestion to preseed the password=
s=20
with encrypted values
<h01ger> preseeding encrypted passwords is better of course, but also gives=
a=20
false sense of security. so please also add a warning like "r00tme" :)
<bubulle> h01ger: yep, the decision about prompting the root pw twice is a=
=20
general design decision, so a "debian" decision (thus, technical comitee,=20
again?)
<p2-mate> aba: you would still need a user with password and sudo in that c=
ase
<aba> p2-mate: yes.
<p2-mate> sounds like moving the problem :)
<bubulle> h01ger: about the ability to disable the root login, I suggest yo=
u=20
report a wishlist bug against shadow for that. IIRC, there no such=20
suggestion. Feel free to paste this whole discussion for the record
<h01ger> p2-mate, thats no problem. you can install authorized_keys with=20
base-config/late|early_command
<aba> p2-mate: if you use user account replication, you don't need any loca=
l=20
account :)
<h01ger> bubulle, ok. will do. thx.
<Kamion> disabled passwords> FWIW that can probably be taken from the Ubunt=
u=20
patch, with different defaults - I just wasn't sure if anyone wanted that
<bubulle> Kamion: looking, some day, at Ubuntu patches to shadow, is among =
my=20
projects for shadow....Sigh...if only days had 30 hours an,d the shadow tea=
m=20
more than 3 members (plus upstream...now well involved)
<bubulle> Kamion: who is currently maintaining shadow in Ubuntu?
<Kamion> bubulle: I'm probably the closest you've got
<bubulle> Kamion: would you consider joining in the small pkg-shadow-devel=
=20
team?
<Kamion> bubulle: yeah, could do, I'll have a look later today
<h01ger> Kamion, where is the patch ? i couldnt find at=20
http://patches.ubuntulinux.org/patches/(shadow.login-nosuid.diff) ?
<Kamion> h01ger: http://people.ubuntu.com/~scott/patches/shadow/
<Kamion> far too enormous for its own good
<h01ger> Kamion, thx.=20
<Kamion> the initial-passwd-udeb thing is a consequence of trying to ask al=
l=20
questions in the first stage; I'm not entirely convinced (yet) that it's th=
e=20
right approach though
<Kamion> I think most of the rest should be pretty obvious
regards,
Holger
--nextPart1406437.pc0xusUSZS
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQBCW92sUHLQNqxYNSARAvibAKDBsmhtvD67luZdL/4VnR42uU84/QCgnFLf
uFVjYhYSCWQ2WbOudPdWb90=
=+QNC
-----END PGP SIGNATURE-----
--nextPart1406437.pc0xusUSZS--
---------------------------------------
Received: (at 304343-close) by bugs.debian.org; 13 Oct 2005 18:39:34 +0000
>From katie at spohr.debian.org Thu Oct 13 11:39:34 2005
Return-path: <katie at spohr.debian.org>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
id 1EQ7s8-0001XR-00; Thu, 13 Oct 2005 11:32:08 -0700
From: Christian Perrier <bubulle at debian.org>
To: 304343-close at bugs.debian.org
X-Katie: $Revision: 1.56 $
Subject: Bug#304343: fixed in shadow 1:4.0.13-1
Message-Id: <E1EQ7s8-0001XR-00 at spohr.debian.org>
Sender: Archive Administrator <katie at spohr.debian.org>
Date: Thu, 13 Oct 2005 11:32:08 -0700
Delivered-To: 304343-close at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 6
Source: shadow
Source-Version: 1:4.0.13-1
We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive:
login_4.0.13-1_i386.deb
to pool/main/s/shadow/login_4.0.13-1_i386.deb
passwd_4.0.13-1_i386.deb
to pool/main/s/shadow/passwd_4.0.13-1_i386.deb
shadow_4.0.13-1.diff.gz
to pool/main/s/shadow/shadow_4.0.13-1.diff.gz
shadow_4.0.13-1.dsc
to pool/main/s/shadow/shadow_4.0.13-1.dsc
shadow_4.0.13.orig.tar.gz
to pool/main/s/shadow/shadow_4.0.13.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 304343 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Perrier <bubulle at debian.org> (supplier of updated shadow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 10 Oct 2005 23:15:47 +0200
Source: shadow
Binary: login passwd
Architecture: source i386
Version: 1:4.0.13-1
Distribution: unstable
Urgency: low
Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
Changed-By: Christian Perrier <bubulle at debian.org>
Description:
login - system login tools
passwd - change and administer password and group data
Closes: 89902 115380 146779 208514 249372 265613 268656 269573 275343 282822 293171 300892 304343 304352 325558 325773 330630 330855 331487 331487 332711
Changes:
shadow (1:4.0.13-1) unstable; urgency=low
.
* The "Maroilles" release
* New upstream version:
Debian bugs fixed by the new upstream version:
- faillog: Do not oversimplify the date of the last unsuccessful login
Closes: #89902
- login.1: also mention securetty(5). Closes: #325773
- chfn.1, chsh.1, groupadd.8, newusers.8, pwconv.8
useradd.8, userdel.8, usermod.8:
Improved crossreferences with other manpages
Closes: #300892
- newgrp.1:
Improved documentation of how group passwords work
Closes: #325558
- passwd.c:
The usage line is no more too terse
Closes: #146779
* Patches to upstream man pages, not yet applied upstream:
- debian/patches/452_doc_password_check_order:
Document the order for checking the password strength
Closes: #115380
* Debian packaging fixes:
- debian/login.su.pam:
- pam_wheel example moved after pam_rootok in config.
Also documents that with 'pam_wheel.so group=foo', root may need to
be in the foo group. Closes: #330630, #330855
- pam_env turned to be used as a session module which it is designed
to be. Thanks to Steinar H. Gunderson who pointed this out and
Steve Langasek and Andrew Suffield who suggested the right solution.
- debian/control:
- manpages-es-extra: versioned Replaces as the man pages have now been
removed
- manpages-de: versioned Replaces as the man pages have now been
removed
- manpages-hu: versioned Replaces as the man pages have now been
removed
- debian/rules:
- pack upstream's NEWS file into login and passwd. Closes: #331487
- pack login.defs and its manpages into "passwd" instead of "login"
package for the Hurd platform. Closes: #249372
- copy upstream's changelog. Closes: #331487
- debian/passwd.config, debian/passwd.templates:
- allow preseeding the root (and user) password with a MD5 hash
Closes: #275343, #304352
Thanks to Colin Watson for the Ubuntu patch
- the above also allows preseeding a disabled password for root
Closes: #304343
- add passwd/user-uid template, which can be preseeded to force the
initial user to have a certain uid.
Thanks to Colin Watson for the Ubuntu patch
- allow hyphens in username
Thanks to Colin Watson for the Ubuntu patch (Ubuntu #15721)
- debian/login.defs:
- document the obsoleted by PAM ENV_HZ variable. Closes: #265613
- better document the real use of USERGROUPS_ENAB. Closes: #282822
- debian/add-shell, debian/remove-shell, debian/add-shell.8,
debian/remove-shell.8:
- utilities moved to debianutils. Add a versioned "Depends" line on
debianutils so that passwd cannot be upgraded when the new
debianutils version including these utilities isn't available
Closes: #208514, #268656, #269573, #293171
* Debconf translation updates:
- Swedish updated. Closes: #332711
Files:
261cbca719b22a396d2c38eab21e0f5b 867 admin required shadow_4.0.13-1.dsc
034fab52e187e63cb52f153bb7f304c8 1622557 admin required shadow_4.0.13.orig.tar.gz
3faf38ca58e4a594721f1068735ce920 181776 admin required shadow_4.0.13-1.diff.gz
15e4ec0f57bdaf06bb3170d4de13867a 599276 admin required passwd_4.0.13-1_i386.deb
087d22baecf6ef53ef8fb5e6d51564c1 560910 admin required login_4.0.13-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDTYDJ1OXtrMAUPS0RAvF5AJ49RdbhnKwV5mp6f+NY88B0/PzDyQCgpjoX
Jkjuz7tmFAhUmVxGJPtloRQ=
=9SLM
-----END PGP SIGNATURE-----
More information about the Pkg-shadow-devel
mailing list