Re: [RFR] templates://pam-mysql/{libpam-mysql.templates}

To: debian-l10n-english@lists.debian.org
Cc: 685580@bugs.debian.org
Subject: Re: [RFR] templates://pam-mysql/{libpam-mysql.templates}
From: Justin B Rye <jbr@edlug.org.uk>
Date: Sun, 26 Aug 2012 18:39:07 +0100
Message-id: <[🔎] 20120826173907.GB13603@xibalba.demon.co.uk>
Mail-followup-to: debian-l10n-english@lists.debian.org, 685580@bugs.debian.org
In-reply-to: <[🔎] SmithReviewDebconf-pam-mysql-rfr-1345995632@mykerinos>
References: <[🔎] SmithReviewDebconf-pam-mysql-rfr-1345995632@mykerinos>

Christian PERRIER wrote:
>  Template: pam-mysql/config_file_noread
>  Type: boolean
>  Default: true
> +_Description: Restrict access to pam-mysql configuration file to root?
> + This version of pam-mysql uses a configuration file which may include
> + passwords. It is recommended to restrict access to this file
> + so that unprivileged users can't read it.
>   .
> + If you choose this option, only root will have read access to pam-mysql
> + configuration file.

Insert "the":                                                    ^

In the control file:
>  Depends: ${shlibs:Depends}, ${misc:Depends}
>  Description: PAM module allowing authentication from a MySQL server
>   This module lets you use a MySQL database as a source of
> - authentication (but not session or other) information for PAM-enabled
> - apps.
> + authentication information for PAM-enabled
> + applications. It doesn't allow session authentication, though.
> 
> Small changes but this can be improved again, I guess.

That might be changing the meaning.  "Authentication (but not session
or other) information" is short for "authentication information (but
not session information or other information)".  Is that what it's
supposed to be saying?  It might be:

    This module lets PAM-enabled applications use a MySQL table for "auth"
    (but not "account", "password", or "session") management.

But reading the upstream FAQ I think it's more like:

    This module lets PAM-enabled applications interface with a MySQL table
    of usernames and passwords (but does not handle other account data).

(This doesn't mention "auth", but that's in the synopsis.)

Tentative patch attached.
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

diff -ru old/control new/control
--- old/control	2012-08-22 08:33:14.044411181 +0100
+++ new/control	2012-08-26 18:31:17.556411397 +0100
@@ -10,6 +10,5 @@
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Description: PAM module allowing authentication from a MySQL server
- This module lets you use a MySQL database as a source of
- authentication (but not session or other) information for PAM-enabled
- apps.
+ This module lets PAM-enabled applications interface with a MySQL table
+ of usernames and passwords (but does not handle other account data).
diff -ru old/libpam-mysql.templates new/libpam-mysql.templates
--- old/libpam-mysql.templates	2012-08-22 08:33:12.444411412 +0100
+++ new/libpam-mysql.templates	2012-08-26 18:29:49.684411388 +0100
@@ -1,10 +1,10 @@
 Template: pam-mysql/config_file_noread
 Type: boolean
 Default: true
-Description: Chmod configuration file?
- This version of pam-mysql has a configuration file which may include
- passwords. Do you want to disable normal users from reading this
- file? 
+_Description: Restrict access to pam-mysql configuration file to root?
+ This version of pam-mysql uses a configuration file which may include
+ passwords. It is recommended to restrict access to this file
+ so that unprivileged users can't read it.
  .
- There is probably no good reason *not* to do this. As the most common
- reason to use the configuration file is to hide the password.
+ If you choose this option, only root will have read access to the
+ pam-mysql configuration file.

Template: pam-mysql/config_file_noread
Type: boolean
Default: true
_Description: Restrict access to pam-mysql configuration file to root?
 This version of pam-mysql uses a configuration file which may include
 passwords. It is recommended to restrict access to this file
 so that unprivileged users can't read it.
 .
 If you choose this option, only root will have read access to the
 pam-mysql configuration file.

Source: pam-mysql
Section: admin
Priority: extra
Maintainer: Paweł Więcek <coven@debian.org>
Uploaders: Lars Bahner <bahner@debian.org>
Standards-Version: 3.8.0
Build-Depends: libpam0g-dev, libmysqlclient15-dev, debhelper (>= 5.0.0), libssl-dev, dpatch

Package: libpam-mysql
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: PAM module allowing authentication from a MySQL server
 This module lets PAM-enabled applications interface with a MySQL table
 of usernames and passwords (but does not handle other account data).

Reply to:

Follow-Ups:
- Re: Bug#685580: [RFR] templates://pam-mysql/{libpam-mysql.templates}
  - From: Christian PERRIER <bubulle@debian.org>

References:
- [RFR] templates://pam-mysql/{libpam-mysql.templates}
  - From: Christian PERRIER <bubulle@debian.org>

Prev by Date: Re: [RFR] templates://firmware-nonfree/{templates/templates.license.in}
Next by Date: [LCFC] templates://firmware-nonfree/{templates/templates.license.in}
Previous by thread: Bug#685580: Info received ([RFR] templates://pam-mysql/{libpam-mysql.templates})
Next by thread: Re: Bug#685580: [RFR] templates://pam-mysql/{libpam-mysql.templates}
Index(es):
- Date
- Thread