Hi Mike, On Montag, 1. April 2013, [email protected] wrote: > Author: mike-gabriel-guest > Date: 2013-04-01 12:53:32 +0000 (Mon, 01 Apr 2013) > New Revision: 79569 > > Modified: > trunk/src/debian-edu-config/debian/changelog > trunk/src/debian-edu-config/etc/samba/smb-debian-edu.conf > Log: > Fix passwd sync in Samba, point users to using GOsa?\194?\178 for password > changes. (Partially resolves: #656296).
at first I was only concered, because I couldnt see debian-edu-config depend
or recommend krb5-admin-server which provices /usr/sbin/kadmin.local
but then I also wondered about the following:
> + # sync Kerberos password via kadmin.local
> + unix password sync = yes
> + passwd program = /usr/sbin/kadmin.local -q 'cpw %u'
> + passwd chat = "Authenticating as principal*"\n"Enter password for
> principal *"%u"*:*" %n\n \n"Re-enter password for principal *"%u"*:*" %n\n
this doesn't allow for translations :-(
> \n"Password for *"%u"@* changed."\n + # dangerous: reveals clear text
> password in Samba log files... + passwd chat debug = no
what? or rather, what the f?! why oh why by the love of kittens, why does it
write passwords into a logfile? My brain hurts.
If this is really the case, I suggest to revert this "fix". This is worse than
how it was before.
cheers,
Holger
signature.asc
Description: This is a digitally signed message part.
