Re: PAM release status

To: debian-devel@lists.debian.org
Subject: Re: PAM release status
From: Sam Hartman <hartmans@debian.org>
Date: Mon, 05 Apr 2004 17:42:31 -0400
Message-id: <[🔎] tslsmfiaypk.fsf@konishi-polis.mit.edu>
In-reply-to: <[🔎] 20040404233648.064d5c1f.dbharris@eelf.ddts.net> (David B. Harris's message of "Sun, 4 Apr 2004 23:36:48 -0400")
References: <[🔎] 20040404202851.BD59E15159C@konishi-polis.mit.edu> <[🔎] 20040404165840.70ec40d2.dbharris@eelf.ddts.net> <[🔎] tsln05rqpet.fsf@konishi-polis.mit.edu> <[🔎] 20040404233648.064d5c1f.dbharris@eelf.ddts.net>

>>>>> "David" == David B Harris <dbharris@eelf.ddts.net> writes:

    David> On Sun, 04 Apr 2004 19:44:26 -0400
    David> Sam Hartman <hartmans@debian.org> wrote:
    David> On Sun, 4 Apr 2004 16:28:51 -0400 (EDT)
    David> Sam Hartman <hartmans@debian.org> wrote:
    >> >> 1) PAM upgrades from woody force users to answer a dpkg >>
    >> conffile question.
    >> 
    David> I don't mind. And the solution suggested seems error-prone
    David> and difficult for a user to easily understand.
    >>  The behavior without the solution is difficult for users to
    >> understand.

    David> You're saying that *conffile* prompts are difficult for an
    David> admin to understand? Are you sure these folk are using
    David> Debian?

Yes.  I'm saying that *conffile* prompts are reasonably difficult for
reasonably skilled users I have watched use Debian.  They seem to be
OK if they remember modifying the file, but seem to flail in the
following cases:

1) They forget the change they made

2) They don't know what the file does.

3) They didn't actually make  the change in the first place; some maintainer script did.

By skilled users, I include free software developers and other people
who are clearly within the narrowest interpretation of the consensus
definition of Debian's target market.  In other words, even if you
only think we're developing an OS for traditional Unix users, our
users will have a problem with conffile prompts in some cases.  For
those of us who are trying to write a more general operating system,
the problem is even worse.

I'm not saying that everyone finds the conffile prompts confusing.
I'd hope that Debian developers understand them and know what they
mean.  I suspect others do.  I'm simply arguing that a user population
we care about finds them confusing.

    David> Just wanted to inject a bit of realism :) See below.

    >> I think you should justify why you believe the proposed
    >> solution is error-prone; I don't really see that.

    David> Okay, but before I do that, could you answer a few
    David> questions?

    David> 1) What is the default for Woody? MD5 passwords or non-MD5
    David> passwords?  (And by default, I mean "when they're asked in
    David> the installation, which is the default answer?)  2) 

md5 passwords are the default.  That is, tby default, the installation
will modify conffiles.

    David> When
    David> you say 'if the md5sum of /etc/pam.d/other matches ...', do
    David> you mean 'for each configuration file in /etc/pam.d/, if it
    David> matches the md5sum of ...'?

No, I mean that I'll check the md5sum of /etc/pam.d/other.  The
installation modifies /etc/pam.d/other, /etc/pam.d/passwd and
/etc/pam.d/login.  As I said in my message I'll submit similar patches
to shadow in order to deal with files belonging to that package.

Reply to:

References:
- PAM release status
  - From: Sam Hartman <hartmans@debian.org>
- Re: PAM release status
  - From: David B Harris <dbharris@eelf.ddts.net>
- Re: PAM release status
  - From: Sam Hartman <hartmans@debian.org>
- Re: PAM release status
  - From: David B Harris <dbharris@eelf.ddts.net>

Prev by Date: Re: New summary: Binary peripheral software
Next by Date: Re: New summary: Binary peripheral software
Previous by thread: Re: PAM release status
Next by thread: Re: PAM release status
Index(es):
- Date
- Thread