[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Shadow passwords and GNU su

Tom Lees:
> But if Debian is supposed to be moving to shadow in general anyway, why
> give new users the (rather confusing) choice?

Right now, the shadow packages need more testing.  Maybe later...
Many people run single user systems and don't need shadow passwords.

> > samba-1.9.16p9 works just fine with both shadow and non-shadow
>                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^
> > passwords.  No changes required.
> Well, it didn't for me. I tried the binary version currently in bo, and it
> breaks without shadow passwords - is this a bug in shadow or samba? Then,

I have the binary version currently in rex, and it works.  The version
currently in bo is a symlink to the one in rex :-).  I reinstalled it
just to be sure, and it's exactly the same version.  Very strange...

> > # cd /usr/X11R6/bin && mv xdm-shadow xdm
> > (works with both shadow and non-shadow passwords, too)
> Not so sure - else why supply both? See above.

Old versions of X had two separate binaries, xdm-shadow (only for shadow
passwords) and xdm (only for non-shadow passwords).  Later, the code has
been modified to work with both shadow and non-shadow passwords (if
compiled with shadow support), but somehow the old Imakefile was used.
I have reported this to the XFree86 people, and they promised to fix it
in the next release.

> > What is the problem with useradd, that we really shouldn't be using it?
> > Inquiring minds want to know...
> It doesn't follow the Debian way of doing userIDs. What I meant was not to

What is the official correct Debian way of doing userIDs?  I know it has
been discussed a lot, but I don't know if any consensus has been reached.
BTW, the new UID range for useradd is configurable.

> I'll do that then. But do we now need a new virtual package - 'su'? (GNU
> su should be marked Essential, as should shadow-su - but we only want one
> of them installed - how will dpkg and dselect handle this?)

Like login vs shadow-login, I think...  shadow-login Provides, Replaces,
and Conflicts login.  Both are marked Essential.  It seems to work well.


TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: