
Re: Default admin password for a webapp



On Thu, Apr 10, 2008 at 08:58:51AM +1000, Ben Finney wrote:
> Xavier Luthi <xavier@caroxav.be> writes:
> 
> > The webapp won't allow any authentication because the password is
> > not set. How to ask for a password?
> 
> Some way that the administrator can do so separately from installing
> the package. Ideally, the installation would use the same API to set
> the administrative password if available during the install.
> 
> > With a warning message on the administrative page of the webapp
> > saying something like: 'Please run (as root) "dpkg-reconfigure
> > pixelpost" to set the password of the administrative user.'
> > (priority is always 'low' for dpkg-reconfigure).
> 
> That would do the job at hand, but is unfortunately Debian-specific.
> 
> Better would be to work with the upstream to address this at the
> source, such that the solution becomes part of the upstream
> distribution. That's up to you to determine whether you have the
> resources to do so.

The installation procedure from the upstream source asks for the
administrative password the very first time anyone accesses the
application (this is the "classical" way for a webapp).  The assumption
is that the installation time is the same as the configuration time, thus
reducing to a minimum the time when the application is "left open".

In the case of the webapp packaged for Debian, the installation time
is not always the same as the configuration time, so it is not an
option to use the upstream method to set the password: this would be a
big security hole.  That's why the Debian package of a webapp often
needs to diverge from the upstream source in the way the application is
configured.


Cheers, 
  Xavier
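A sketch of the two behaviours discussed in this thread, as an added example that is not part of the original mail or of any Debian package: a packaged-mode login that fails closed until the administrator sets the password out of band (the dpkg-reconfigure path), beside the upstream first-visitor setup that opens the window Xavier describes. The PBKDF2 storage format, the function names and the `<package>` placeholder are assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Shown instead of a login form; "<package>" is a placeholder for the real package name.
DPKG_HINT = ('Administrative password not set. Please run (as root) '
             '"dpkg-reconfigure <package>" to set it.')

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as hex(salt)$hex(digest) (assumed format)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()

def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), 200_000)
    return hmac.compare_digest(digest.hex(), digest_hex)

def configure_admin(config: Dict[str, str], password: str) -> None:
    """Out-of-band path: what a postinst / dpkg-reconfigure step would call (assumed)."""
    config["admin_hash"] = hash_password(password)

def login_packaged(config: Dict[str, str], password: str) -> Tuple[bool, str]:
    """Debian-style: with no admin hash on disk every login is refused and the
    administrator is pointed at dpkg-reconfigure; a web visitor can never set it."""
    stored = config.get("admin_hash")
    if not stored:
        return False, DPKG_HINT
    return (True, "ok") if verify_password(password, stored) else (False, "bad password")

def login_upstream(config: Dict[str, str], password: str) -> Tuple[bool, str]:
    """Upstream first-run setup: whoever reaches the app while the hash is unset
    chooses the password. Acceptable only if install time equals configure time."""
    if not config.get("admin_hash"):
        configure_admin(config, password)
        return True, "admin password set by first visitor"
    ok = verify_password(password, config["admin_hash"])
    return (True, "ok") if ok else (False, "bad password")

if __name__ == "__main__":
    fresh: Dict[str, str] = {}              # state right after install, before configuration
    print(login_packaged(fresh, "guess"))   # refused, with the dpkg-reconfigure hint
    print(login_upstream(fresh, "guess"))   # accepted: the "left open" window the mail describes
```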


