On Fri, Nov 14, 2003 at 11:37:45AM -0500, Matt Zimmerman wrote: > On Thu, Nov 13, 2003 at 11:16:59PM -0500, Sam Hartman wrote: > > >>>>> "Matt" == Matt Zimmerman <mdz@debian.org> writes: > > Matt> I think a single "Will you be using NIS?" question would be > > Matt> justified; this could provide defaults for md5 vs. crypt > > Matt> passwords and setuid-ness of unix_chkpwd, and so those > > Matt> questions could be suppressed by default. > > I disagree. Debian is sufficiently hard to install that developers of > > security software I've asked to install it have been frustrated to the > > point of not using it by the number of questions. I believe adding > > questions about NIS would be inappropriate. > The method I described, if implemented, would not change the number of > questions asked in a default install. The NIS question would essentially > replace the md5 question, which would remain at default unless the user asks > to see every single question. Oh, but the md5 question was already one too many, which is why it's already been removed for sarge. :) > > I'd rather see a solution where we have some nis support package that > > makes unix_chkpwd setuid root when that support package is installed. > This would be even better. Yes, that doesn't sound like a bad solution. -- Steve Langasek postmodern programmer
Attachment:
pgpfcu2ZEabQA.pgp
Description: PGP signature