Should md5 password settings be preserved across upgrades?
Hi,
when I last installed Debian from scratch[1], installation asked me
whether I want to use md5 passwords. Since I fortunately don't have
any legacy systems around, I happily agreed and had all passwords md5
crypted.
Today, I upgraded a system from woody to sid, and was quite astonished
that I got dpkg conffile prompts for /etc/pam.d/login,
/etc/pam.d/other and /etc/pam.d/other. I have never manually touched
these files since I did not yet fully grasp PAM's concepts. There were
some changes in comments, and the new conffile versions all removed
the md5 flags that were present there.
This is very surprising since I would have expected that the choice
"Yes, use md5 passwords" would live over distribution upgrades. But
now that I think about it, I remember that this issue was already
present in the potato => woody upgrade.
In my naive world, I would have expected that the choice "md5 or no"
would be written to a file and honored even across package upgrades.
But it looks like only base-config asks this question and then messes
around with conffiles of at least three other packages, namely
libpam-runtime, login and passwd, which is a clear policy violation.
I would love to see the installator's decision to use md5 passwords to
be honored during the foo => sarge upgrade. Are there already plans to
establish a mechanism to allow this?
Greetings
Marc
[1] which was shortly after potato's release, all systems I have built
since then were installed by unpacking a base system tarball
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
Reply to: