
Re: Request for review



Arthur de Jong wrote:
> (please keep me in Cc because I'm not subscribed to the list)
[...]
> The question is presented from postinst if a problematic configuration
> is found.

I hope this means I'd only be asked this if I already had a modified
PAM stack, so I can be assumed to be moderately familiar with the
jargon.

> Template: libpam-ldapd/enable_shadow
> Type: boolean
> Default: true

> _Description: Enable shadow lookups through NSS?
>  For the proper operation of the PAM stack the NSS module should return
>  shadow information for LDAP users, otherwise these users will not be
                                    ^
Technically a "comma splice".

>  able to log in. Note that the shadow entries themselves may be empty
>  (i.e. it is not needed to expose password hashes).
         ^^
Unclear referent (in fact it's just impersonal, but that's not
obvious).  Note that "Note that" is usually redundant.

>  .
>  More background information on this requirement can be found here:
>  http://bugs.debian.org/583492
>  .
>  You can edit /etc/nsswitch.conf by hand or choose to add the entry
>  automatically now. Be sure to review the changes to /etc/nsswitch.conf
>  if you choose to add the entry now.

So that's:

  _Description: Enable shadow lookups through NSS?
   For the proper operation of the PAM stack the NSS module should return
   shadow information for LDAP users; otherwise they will be unable to
   log in. The shadow entries themselves may be empty - that is, there is
   no need for password hashes to be exposed.
   .
   More background information on this requirement can be found here:
   http://bugs.debian.org/583492
   .
   You can edit /etc/nsswitch.conf by hand or choose to add the entry
   automatically now. Be sure to review the changes to /etc/nsswitch.conf
   if you choose to add the entry now.

Or reshuffling it a lot more (and possibly distorting it in the
process):

   To allow LDAP users to log in, the NSS module needs to be enabled to
   perform shadow password lookups. The shadow entries themselves may be
   empty - that is, there is no need for password hashes to be exposed. See
   http://bugs.debian.org/583492 for background.
   .
   Please choose whether /etc/nsswitch should have the required entry added
   automatically (in which case it should be reviewed afterwards) or whether
   it should be left for an administrator to edit manually.

-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

