[please follow up to -project or -admin or just me, depending on what seems more appropriate.]
Hi, if you use sudo on project machines this will affect you. The short version: If you want to use sudo in the future, go to http://db.debian.org/ and set a sudo password for you. A slightly longer version: We are trying to limit the exposure of login and ldap passwords on project machines. Currently everybody who is using sudo on a project machine has to use their login and ldap password, which in case of a compromise can be used to access other machines and change the user's settings in ldap. Since sudo uses the pam library to authenticate users, we can make use of a dedicated passwords file using libpam-pwdfile for authentication to sudo. Userdir-ldap (http://db.debian.org) has been modified to allow users to set a (per host if desired) password for their use of sudo. After setting a new sudo password on the web interface this change has to be confirmed by sending a signed mail - the web interface should instruct you accordingly. This confirmation is intended to prevent an attacker who has learned a login/ldap password to elevate this to sudo-access. We are slowly updating the machines to use the new config. Please see https://dsawiki.debian.org/dsawiki/New-Sudo for per machine progress status. Cheers, weasel [is there a list that all buildd admins are on?] -- | .''`. ** Debian GNU/Linux ** Peter Palfrader | : :' : The universal http://www.palfrader.org/ | `. `' Operating System | `- http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]