[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [debian-edu-commits] r79569 - in trunk/src/debian-edu-config: debian etc/samba

Hi Mike,


On Montag, 1. April 2013, mike-gabriel-guest@alioth.debian.org wrote:

> Author: mike-gabriel-guest

> Date: 2013-04-01 12:53:32 +0000 (Mon, 01 Apr 2013)

> New Revision: 79569


> Modified:

> trunk/src/debian-edu-config/debian/changelog

> trunk/src/debian-edu-config/etc/samba/smb-debian-edu.conf

> Log:

> Fix passwd sync in Samba, point users to using GOsa?\194?\178 for password

> changes. (Partially resolves: #656296).


at first I was only concered, because I couldnt see debian-edu-config depend or recommend krb5-admin-server which provices /usr/sbin/kadmin.local

but then I also wondered about the following:


> + # sync Kerberos password via kadmin.local

> + unix password sync = yes

> + passwd program = /usr/sbin/kadmin.local -q 'cpw %u'

> + passwd chat = "Authenticating as principal*"\n"Enter password for

> principal *"%u"*:*" %n\n \n"Re-enter password for principal *"%u"*:*" %n\n


this doesn't allow for translations :-(


> \n"Password for *"%u"@* changed."\n + # dangerous: reveals clear text

> password in Samba log files... + passwd chat debug = no


what? or rather, what the f?! why oh why by the love of kittens, why does it write passwords into a logfile? My brain hurts.


If this is really the case, I suggest to revert this "fix". This is worse than how it was before.





Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: