debconf best practices: how to ask for a password?
(Please CC me on your replies)
What is the best way to ask for a password in a debconf prompt?
I've got a package (email-reminder) which asks for the SMTP login and
password. I'm using a debconf of type "password" and output the result of
that in a config file (only readable by root).
Now the problem (see bug #462658) is that if you ever put a non-empty
password there, then, you can no longer get rid of it after
dpkg-reconfiguring the package. debconf seems to be ignoring empty password
fields and still returns the previous value.
I found two non-ideal solutions:
1- change the question type to a clear-text field
2- do a "db_reset question" before asking for the question
Obviously I prefer to hide the password as it is being entered by the user
so solution 1 is not my preferred one.
With solution 2, it works as expected, but since I reset the question in the
postinst script, right after the db_get call, that means that every package
install/upgrade must ask this question again.
So I was wondering what the best way to handle a password in debconf is. I
guess that it's a bit more secure not to store the password at all in the
debconf DB, but it's also inconvenient for users to be forced to type their
password everytime they upgrade (especially if they don't need a password
for their SMTP server).