Re: [RFR] templates://pam-mysql/{libpam-mysql.templates}
Christian PERRIER wrote:
> Template: pam-mysql/config_file_noread
> Type: boolean
> Default: true
> +_Description: Restrict access to pam-mysql configuration file to root?
> + This version of pam-mysql uses a configuration file which may include
> + passwords. It is recommended to restrict access to this file
> + so that unprivileged users can't read it.
> .
> + If you choose this option, only root will have read access to pam-mysql
> + configuration file.
Insert "the": ^
In the control file:
> Depends: ${shlibs:Depends}, ${misc:Depends}
> Description: PAM module allowing authentication from a MySQL server
> This module lets you use a MySQL database as a source of
> - authentication (but not session or other) information for PAM-enabled
> - apps.
> + authentication information for PAM-enabled
> + applications. It doesn't allow session authentication, though.
>
> Small changes but this can be improved again, I guess.
That might be changing the meaning. "Authentication (but not session
or other) information" is short for "authentication information (but
not session information or other information)". Is that what it's
supposed to be saying? It might be:
This module lets PAM-enabled applications use a MySQL table for "auth"
(but not "account", "password", or "session") management.
But reading the upstream FAQ I think it's more like:
This module lets PAM-enabled applications interface with a MySQL table
of usernames and passwords (but does not handle other account data).
(This doesn't mention "auth", but that's in the synopsis.)
Tentative patch attached.
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
diff -ru old/control new/control
--- old/control 2012-08-22 08:33:14.044411181 +0100
+++ new/control 2012-08-26 18:31:17.556411397 +0100
@@ -10,6 +10,5 @@
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: PAM module allowing authentication from a MySQL server
- This module lets you use a MySQL database as a source of
- authentication (but not session or other) information for PAM-enabled
- apps.
+ This module lets PAM-enabled applications interface with a MySQL table
+ of usernames and passwords (but does not handle other account data).
diff -ru old/libpam-mysql.templates new/libpam-mysql.templates
--- old/libpam-mysql.templates 2012-08-22 08:33:12.444411412 +0100
+++ new/libpam-mysql.templates 2012-08-26 18:29:49.684411388 +0100
@@ -1,10 +1,10 @@
Template: pam-mysql/config_file_noread
Type: boolean
Default: true
-Description: Chmod configuration file?
- This version of pam-mysql has a configuration file which may include
- passwords. Do you want to disable normal users from reading this
- file?
+_Description: Restrict access to pam-mysql configuration file to root?
+ This version of pam-mysql uses a configuration file which may include
+ passwords. It is recommended to restrict access to this file
+ so that unprivileged users can't read it.
.
- There is probably no good reason *not* to do this. As the most common
- reason to use the configuration file is to hide the password.
+ If you choose this option, only root will have read access to the
+ pam-mysql configuration file.
Template: pam-mysql/config_file_noread
Type: boolean
Default: true
_Description: Restrict access to pam-mysql configuration file to root?
This version of pam-mysql uses a configuration file which may include
passwords. It is recommended to restrict access to this file
so that unprivileged users can't read it.
.
If you choose this option, only root will have read access to the
pam-mysql configuration file.
Source: pam-mysql
Section: admin
Priority: extra
Maintainer: Paweł Więcek <coven@debian.org>
Uploaders: Lars Bahner <bahner@debian.org>
Standards-Version: 3.8.0
Build-Depends: libpam0g-dev, libmysqlclient15-dev, debhelper (>= 5.0.0), libssl-dev, dpatch
Package: libpam-mysql
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: PAM module allowing authentication from a MySQL server
This module lets PAM-enabled applications interface with a MySQL table
of usernames and passwords (but does not handle other account data).
Reply to: