Hi,

I didn't follow the discussion but just want to throw in two points that come to my mind; you don't need to comment on them if you already discussed them...

On 2006-05-15 Olaf van der Spek wrote:
> > On Sun, May 14, 2006 at 10:20:55PM +0200, Olaf van der Spek wrote:
> >> So could you please explain what part of your 'general principle' is
> >> against communicating a random password to the administrator?
> >
> > placing it in a file would be less of an issue, and i'm not as opposed
>
> Storing it in a file also has the advantage that it's less likely to get
> lost.

- Storing passwords even read-only by root is a security weakness as somebody who got root on a server by whatever means normally *still* does not know plaintext passwords which most admins tend to use for several hosts...
- Debconf seems to have a way of storing passwords in a secure way, I have a passwords file in /var/lib/debconf
- Asking for passwords complicates automated installs so autogen one at least if debconf is not run interactively.
- Maybe store the password in /etc/mysql/ *but* warn on every cron.daily run that leaving this file there is a bad idea...

-ch-
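
A sketch of the last two suggestions in the message above, as an added example that is not part of the original mail or of the Debian MySQL packaging: generate a password only when debconf runs non-interactively, store it root-only without overwriting, and warn from cron.daily while the file remains. The file name `initial-root-password` and all function names are assumptions; the mail names only the `/etc/mysql/` directory.

```shell
#!/bin/sh
# Added example. PWFILE and the function names are hypothetical.
PWFILE=${PWFILE:-/etc/mysql/initial-root-password}

# 128 bits from the kernel CSPRNG, printed as 32 hex characters.
gen_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write a fresh password to file $1 with mode 0600.
# noclobber (set -C) makes the shell create the file exclusively, so an
# existing file (or a pre-planted one) is never overwritten.
store_password() {
    ( umask 077; set -C; printf '%s\n' "$(gen_password)" > "$1" )
}

# Install-time step: only autogenerate when nobody can be asked, i.e.
# debconf was started with DEBIAN_FRONTEND=noninteractive.
autogen_if_noninteractive() {
    [ "${DEBIAN_FRONTEND:-}" = noninteractive ] || return 0
    store_password "$1"
}

# cron.daily step: cron mails any output to root, so printing is the warning.
# Returns 1 while the file is still present, 0 once it has been removed.
leftover_warning() {
    [ -e "$1" ] || return 0
    echo "WARNING: $1 still contains the generated MySQL password."
    echo "Record it somewhere safe and delete the file."
    return 1
}

# Usage (as root):
#   postinst:    autogen_if_noninteractive "$PWFILE"
#   cron.daily:  leftover_warning "$PWFILE" || true
```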

