Hi Mike,
On Montag, 1. April 2013, mike-gabriel-guest@alioth.debian.org wrote: > Author: mike-gabriel-guest > Date: 2013-04-01 12:53:32 +0000 (Mon, 01 Apr 2013) > New Revision: 79569 > > Modified: > trunk/src/debian-edu-config/debian/changelog > trunk/src/debian-edu-config/etc/samba/smb-debian-edu.conf > Log: > Fix passwd sync in Samba, point users to using GOsa?\194?\178 for password > changes. (Partially resolves: #656296).
at first I was only concered, because I couldnt see debian-edu-config depend or recommend krb5-admin-server which provices /usr/sbin/kadmin.local but then I also wondered about the following:
> + # sync Kerberos password via kadmin.local > + unix password sync = yes > + passwd program = /usr/sbin/kadmin.local -q 'cpw %u' > + passwd chat = "Authenticating as principal*"\n"Enter password for > principal *"%u"*:*" %n\n \n"Re-enter password for principal *"%u"*:*" %n\n
this doesn't allow for translations :-(
> \n"Password for *"%u"@* changed."\n + # dangerous: reveals clear text > password in Samba log files... + passwd chat debug = no
what? or rather, what the f?! why oh why by the love of kittens, why does it write passwords into a logfile? My brain hurts.
If this is really the case, I suggest to revert this "fix". This is worse than how it was before.
cheers, Holger |
Attachment:
signature.asc
Description: This is a digitally signed message part.