Re: debconf best practices: how to ask for a password?
On Tue, Jan 29, 2008 at 08:38:53PM +1100, Brian May wrote:
> >>>>> "Joey" == Joey Hess <firstname.lastname@example.org> writes:
> Joey> Francois Marier wrote:
> >> Now the problem (see bug #462658) is that if you ever put a non-empty
> >> password there, then, you can no longer get rid of it after
> >> dpkg-reconfiguring the package. debconf seems to be ignoring empty password
> >> fields and still returns the previous value.
> Joey> This is a deficiency in debconf's UIs for prompting for password. Since
> Joey> there's generally no sane way to display the old password as the default
> Joey> and allow users to change it or delete the password entirely, debconf
> Joey> instead displays no password, and if the user enters nothing, assumes
> Joey> they meant to enter the old password unchanged.
> This is really confusing UI. To me, as a user, it would appear there
> is no way of reusing the old password, and it would appear that
> pushing enter will result in the password being truncated. In fact
> this is what probably would happen if the system has forgotten the
> password entered for some reason (maybe it was never entered via
> debconf before).
What about this:
if there's a non-empty password, present the user with a magic value (8
stars, one star, "[old password]", etc). If the debconf dialog returns the
magic value, keep the password unchanged. If it's anything else (including
an empty value), use whatever is provided.
As long as no one tries to set the password to the magic value, this should
do the trick.
In an unrelated note, I have several users who haven't changed their
passwords after I set it to "Leave it empty". Hey, it was them who said it
should be that way in the first place :p
1KB // Microsoft corollary to Hanlon's razor:
// Never attribute to stupidity what can be
// adequately explained by malice.