
New db.debian.org address



Hi All,

I've just put up chpasswd@db.debian.org which is an automated daemon for
re-creating lost passwords. You must send a PGP signed message with the
phrase 'Please change my debian password' (case sensitive). It will email
you back a PGP/GPG encrypted message containing your new password.

Right now it does not actually effect a change of password, it only goes
through the motions of generating and encrypting.

I use this incantation for testing:
echo "Please change my Debian password" | gpg --clearsign | mail chpasswd@db.debian.org

Now, like the ping address this one also has replay protection, signature
expiration and all that other good stuff. It also requires that the
message start with the phrase I have given above; this should be ample to
protect against forgeries. Final version will also CC: the @debian.org
address of the account.

One thing to note is that the Daemon senses if the message was
signed with PGP2 or 'something else'. If PGP2 is detected it enters a
special PGP2 compatibility mode. Otherwise it encrypts using the OpenPGP
spec (GPG and PGP5). Encryption in this mode does not use IDEA or the
PGP2.x packet format.

Please send a few messages to it and see if you can read the results, let
me know of any problems!

Thanks,
Jason
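
The checks named in the message above (required opening phrase, signature expiration, replay protection), sketched as an added example; it is not part of the original post and not the db.debian.org daemon's code. The 48-hour expiry window, the clock-skew tolerance, the replay cache keyed on fingerprint plus signature time, and the names VerifiedSignature and RequestGate are assumptions, and PGP signature verification is assumed to have already succeeded.

```python
import time
from dataclasses import dataclass, field

# Phrase as quoted in the post; the comparison is case sensitive.
REQUIRED_PHRASE = "Please change my debian password"
MAX_SIG_AGE = 48 * 3600   # assumed expiry window, not stated in the post
MAX_CLOCK_SKEW = 300      # assumed tolerance for signer clocks running ahead


@dataclass
class VerifiedSignature:
    """Metadata a PGP verifier reports for a signature that checked out."""
    fingerprint: str   # signing key fingerprint
    created: int       # signature creation time, Unix seconds
    text: str          # the signed cleartext


@dataclass
class RequestGate:
    """Hypothetical acceptance policy applied after signature verification."""
    seen: dict = field(default_factory=dict)  # (fingerprint, created) -> expiry

    def check(self, sig, now=None):
        now = int(time.time()) if now is None else now
        # Forget cached signatures only once they would be rejected as expired,
        # so the cache stays bounded without reopening a replay window.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}

        if not sig.text.startswith(REQUIRED_PHRASE):
            return "reject: missing phrase"
        if sig.created > now + MAX_CLOCK_SKEW:
            return "reject: signature dated in the future"
        if now - sig.created > MAX_SIG_AGE:
            return "reject: signature expired"
        key = (sig.fingerprint, sig.created)
        if key in self.seen:
            return "reject: replay"
        self.seen[key] = sig.created + MAX_SIG_AGE
        return "accept"


def demo(now=1_000_000_000):
    """Run constructed sample requests through one gate; returns the verdicts."""
    fp = "A" * 40  # constructed fingerprint, not a real key
    gate = RequestGate()
    fresh = VerifiedSignature(fp, now - 60, REQUIRED_PHRASE + "\n")
    stale = VerifiedSignature(fp, now - MAX_SIG_AGE - 1, REQUIRED_PHRASE + "\n")
    return [gate.check(fresh, now), gate.check(fresh, now + 10),
            gate.check(stale, now)]
```

Expiry is what keeps the replay cache finite: a signature only has to be remembered for as long as it would otherwise still be accepted.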


