On Wed, Jun 05, 2013 at 11:35:23PM +0200, Holger Levsen wrote: > package: debian-edu-config > severity: serious > x-debbugs-cc: debian-edu@lists.debian.org > version: 1.704 > > Hi, > > On Mittwoch, 5. Juni 2013, Wolfgang Schweer wrote: > > > > Don't know if it was the case before, but now the root password entered > > > > during installation is visible in /var/cache/debconf/templates.dat and > > > > /var/cache/debconf/templates.dat-old (as KDC and LDAP passwords). > > > That is very strange. The values are supposed to be wiped out at the > > > end of the installation, and their type 'password' which is handled > > > specially by debconf and not stored in the "public" database. > > /var/cache/debconf/passwords.dat is clean, but templates.dat and > > templates.dat-old contain both: first-user-password and root pw (as KDC > > and LDAP pw. > > Filing as serious bug, so we dont forget. Don't know if the bug is present in version 1.704, too. This definitly is the case for d-e-config, version 1.705, contained in the latest netinst iso image (as of May, 5th). Wolfgang
Attachment:
signature.asc
Description: Digital signature