
Bug#711251: root+KDC password in clear in /var/cache/debconf/



package: debian-edu-config
severity: serious
x-debbugs-cc: debian-edu@lists.debian.org
version: 1.704

Hi,

On Wednesday, 5 June 2013, Wolfgang Schweer wrote:
> > > Don't know if it was the case before, but now the root password entered
> > > during installation is visible in /var/cache/debconf/templates.dat and
> > > /var/cache/debconf/templates.dat-old (as KDC and LDAP passwords).
> > That is very strange.  The values are supposed to be wiped out at the
> > end of the installation, and their type is 'password', which is handled
> > specially by debconf and not stored in the "public" database.
> /var/cache/debconf/passwords.dat is clean, but templates.dat and
> templates.dat-old contain both: first-user-password and root pw (as KDC
> and LDAP pw).

Filing as serious bug, so we don't forget.


cheers,
	Holger
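
A check for the condition reported above, added here as an example and not part of the original message or of debian-edu-config: it lists password-type templates in a debconf templates file that still carry a value. Assumptions: the file is made of blank-line separated "Field: value" stanzas, a leftover secret would sit in a Default or Value field, and the sample stanzas and template names are constructed.

```python
# Added example: flag password-type debconf templates that still carry a value.
# Assumption: stanzas are blank-line separated "Field: value" records, and a
# leftover secret would appear in a Default or Value field.
import re
import sys

# Constructed sample input, not taken from a real installation.
SAMPLE = """\
Name: example-pkg/root-password
Type: password
Default: CONSTRUCTED-SECRET
Description: Root password:
 Extended text line.

Name: example-pkg/hostname
Type: string
Default: host1
Description: Host name:

Name: example-pkg/ldap-password
Type: password
Description: LDAP admin password:
"""

def parse_stanzas(text):
    """Yield one dict per stanza; indented continuation lines are appended."""
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, last = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and last:
                fields[last] += "\n" + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                last = key.strip().lower()
                fields[last] = value.strip()
        if fields:
            yield fields

def leaked_password_templates(text):
    """Return names of password-type templates with a non-empty Default/Value."""
    hits = []
    for st in parse_stanzas(text):
        if st.get("type", "").lower() != "password":
            continue
        if any(st.get(f) for f in ("default", "value")):
            hits.append(st.get("name", "<unnamed>"))
    return hits

if __name__ == "__main__":
    # Scan the file named on the command line, else the constructed sample.
    data = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for name in leaked_password_templates(data):
        print("password template still holds a value:", name)  # value is never printed
```

Run it with /var/cache/debconf/templates.dat and then templates.dat-old as the argument; it prints template names only, so the output is safe to paste into a bug report.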
