hey guys,

On Mon, May 15, 2006 at 11:03:34AM +0200, Olaf van der Spek wrote:
> Storing it in a file also has the advantage that it's less likely to get 
> lost.

the same argument would apply for the system root password :)

> >to that, but i think i still like prompting the admin for a real
> >password and not storing it anywhere. 
> 
> Isn't doing that via debconf unsafe too?

if the password was kept in debconf, it would be equivalent to
keeping the password in a file readable only by root like you
have suggested (debconf passwords are kept in a root:root 600 file).
*however*, any implementation should certainly reset the password after it
is no longer needed, which is much more secure.  more precisely: the
password would be prompted from the user during pre-configuration,
and then used/unset in the postinst.

On Mon, May 15, 2006 at 11:36:35AM +0200, Christian Hammers wrote:
> I didn't follow the discussion but just want to throw in two points that

> - Debconf seems to have a way of storing passwords in a secure way, I 
>   have a passwords file in /var/lib/debconf

well, it's no more secure than storing it in /etc/mysql/rootpassword.txt
or similar, see the above comments.

> - Asking for passwords complicates automated installs so autogen one
>   at least if debconf is not run interactively.

i would argue that if we're doing an automated/non-interactive install,
we should do exactly nothing for this, because the person doing the
install probably knows more than we do about what's going on (like an
FAI install, for example, which may set the password later via a script).


        sean
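Added example, not part of the original message or of any Debian package: a small audit for the point made above that a maintainer script should unset a debconf password once it has been used. It assumes the password database uses debconf's usual stanza layout (Name/Value/Owners fields, blank line between entries); the sample data and function names are constructed for illustration, and the file path is supplied by the caller.

```python
import os
import stat

# Constructed sample in debconf's stanza format (not taken from a real system).
SAMPLE_DB = """\
Name: mysql-server/root_password
Template: mysql-server/root_password
Value: s3cret-example
Owners: mysql-server
Flags: seen

Name: mysql-server/root_password_again
Template: mysql-server/root_password_again
Value:
Owners: mysql-server
Flags: seen
"""

def parse_stanzas(text):
    """Split a debconf database into dicts, one per blank-line-separated stanza."""
    stanzas = []
    for block in text.split("\n\n"):
        fields, last = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and last:   # continuation of previous field
                fields[last] += "\n" + line.strip()
            elif ":" in line:
                last, _, value = line.partition(":")
                fields[last] = value.strip()
        if "Name" in fields:
            stanzas.append(fields)
    return stanzas

def leftover_passwords(text):
    """Names of questions whose password is still stored (values are never returned)."""
    return [s["Name"] for s in parse_stanzas(text) if s.get("Value")]

def mode_problems(path):
    """Describe deviations from the root:root 0600 expectation for a file."""
    st = os.stat(path)
    mode, problems = stat.S_IMODE(st.st_mode), []
    if mode & 0o077:
        problems.append("mode %04o grants group/other access" % mode)
    if (st.st_uid, st.st_gid) != (0, 0):
        problems.append("owner %d:%d is not root:root" % (st.st_uid, st.st_gid))
    return problems

if __name__ == "__main__":
    print(leftover_passwords(SAMPLE_DB))
```

Any name reported by `leftover_passwords` points at a package whose postinst used the password without resetting it afterwards.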
