Proposal for a rewrite of shadow templates
In #287410, Joey Hess, after watching a new user install a new Debian
system, suggested that the user's full name debconf screen adds some
information about the real purpose of the user's full name when
prompting for it.
This screen is the first seen by users after the root password screen,
in a normal priority install. Thus, being there prompted about a full
name may be surprising especially for newbies.
Below is a rewrite proposal:
Template: passwd/user-fullname
Type: string
_Description: Full name for the new user:
A user account will be created for you to use instead of the root
account for non-administrative activities.
.
Please enter the real name of this user. This information will be used
for instance as default origin for emails sent by this user as well as
any program which displays or uses the user's real name. Your full
name is a reasonable choice.
I will also use this occasion to do some rewrite of these
templates.
Rationale:
-DTSG compliance (see the developer's reference about debconf
templates style guide)
-shorten some screens (namely the root password screen) by removing
information which more pertains to documentation.
Here's the diff. I also attache the full templates file to this mail,
for peer review.
Please keep both addresses CC'ed to answers. No need to CC me.
--- passwd.templates 2005-06-13 20:05:06.000000000 +0200
+++ passwd.templates.new 2005-06-13 23:09:45.000000000 +0200
@@ -4,11 +4,10 @@
You need to set a password for 'root', the system administrative
account. A malicious or unqualified user with root access can have
disastrous results, so you should take care to choose a root password
- that is not easy to guess. It should not be a word found in the dictionary,
- or a word that could be easily associated with you, like your middle name.
+ that is not easy to guess.
+ .
A good password will contain a mixture of letters, numbers and punctuation
- and will be changed at regular intervals. The root password is changed by
- running the 'passwd' program as root.
+ and should be changed at regular intervals.
.
Note that you will not be able to see the password as you type it.
@@ -31,31 +30,36 @@
typing 'adduser <username>' as root, where <username> is an user name,
like 'imurdock' or 'rms'.
+Template: passwd/user-fullname
+Type: string
+_Description: Full name for the new user:
+ A user account will be created for you to use instead of the root
+ account for non-administrative activities.
+ .
+ Please enter the real name of this user. This information will be used
+ for instance as default origin for emails sent by this user as well as
+ any program which displays or uses the user's real name. Your full
+ name is a reasonable choice.
+
Template: passwd/username
Type: string
-_Description: Enter a username for your account:
+_Description: Username for your account:
Select a username for the new account. Your first name is a reasonable choice.
The username should start with a lower-case letter, which can be
followed by any combination of numbers and more lower-case letters.
Template: passwd/username-bad
Type: note
-_Description: Invalid username entered.
+_Description: Invalid username
The user name you entered is invalid. Note that usernames must start with
a lower-case letter, which can be followed by any combination of numbers
and more lower-case letters.
-Template: passwd/user-fullname
-Type: string
-_Description: Enter a full name for the new user:
- A user account will be created for you to use instead of the root
- account for non-administrative activities.
-
Template: passwd/user-password
Type: password
-_Description: Enter a password for the new user:
+_Description: Choose a password for the new user:
A good password will contain a mixture of letters, numbers and punctuation
- and will be changed at regular intervals.
+ and should be changed at regular intervals.
Template: passwd/user-password-again
Type: password
@@ -65,21 +69,20 @@
Template: passwd/password-mismatch
Type: note
-_Description: Password input error.
+_Description: Password input error
The two passwords you entered were not the same. Please try again.
Template: passwd/password-empty
Type: note
-_Description: Empty password was entered.
- You seem to have entered nothing for the password. That is not secure!
- Please try again.
+_Description: Empty password
+ You entered an empty password, which is not recommended.
+ Please choose a non-empty password.
Template: passwd/shadow
Type: boolean
Default: true
_Description: Enable shadow passwords?
Shadow passwords make your system more secure because nobody is able to
- view even encrypted passwords. Passwords are stored in a separate file
+ view even encrypted passwords. The passwords are stored in a separate file
that can only be read by special programs. The use of shadow passwords
- is strongly recommended. However, if you're going to use NIS you could
- run into trouble.
+ is strongly recommended, except in a few cases such as NIS environments.
Template: passwd/root-password
Type: password
_Description: Root password:
You need to set a password for 'root', the system administrative
account. A malicious or unqualified user with root access can have
disastrous results, so you should take care to choose a root password
that is not easy to guess. It should not be a word found in the dictionary,
or a word that could be easily associated with you, like your middle name.
A good password will contain a mixture of letters, numbers and punctuation
and will be changed at regular intervals. The root password is changed by
running the 'passwd' program as root.
.
Note that you will not be able to see the password as you type it.
Template: passwd/root-password-again
Type: password
_Description: Re-enter password to verify:
Please enter the same root password again to verify that you have typed it
correctly.
Template: passwd/make-user
Type: boolean
Default: true
_Description: Create a normal user account now?
It's a bad idea to use the root account for normal day-to-day activities,
such as the reading of electronic mail, because even a small mistake can
result in disaster. You should create a normal user account to use for
those day-to-day tasks.
.
Note that you may create it later (as well as any additional account) by
typing 'adduser <username>' as root, where <username> is an user name,
like 'imurdock' or 'rms'.
Template: passwd/username
Type: string
_Description: Enter a username for your account:
Select a username for the new account. Your first name is a reasonable choice.
The username should start with a lower-case letter, which can be
followed by any combination of numbers and more lower-case letters.
Template: passwd/username-bad
Type: note
_Description: Invalid username entered.
The user name you entered is invalid. Note that usernames must start with
a lower-case letter, which can be followed by any combination of numbers
and more lower-case letters.
Template: passwd/user-fullname
Type: string
_Description: Enter a full name for the new user:
A user account will be created for you to use instead of the root
account for non-administrative activities.
Template: passwd/user-password
Type: password
_Description: Enter a password for the new user:
A good password will contain a mixture of letters, numbers and punctuation
and will be changed at regular intervals.
Template: passwd/user-password-again
Type: password
_Description: Re-enter password to verify:
Please enter the same user password again to verify you have typed it
correctly.
Template: passwd/password-mismatch
Type: note
_Description: Password input error.
The two passwords you entered were not the same. Please try again.
Template: passwd/password-empty
Type: note
_Description: Empty password was entered.
You seem to have entered nothing for the password. That is not secure!
Please try again.
Template: passwd/shadow
Type: boolean
Default: true
_Description: Enable shadow passwords?
Shadow passwords make your system more secure because nobody is able to
view even encrypted passwords. Passwords are stored in a separate file
that can only be read by special programs. The use of shadow passwords
is strongly recommended. However, if you're going to use NIS you could
run into trouble.
Reply to: