I still haven't looked at how Debian handles this problem either, and I agree that a default password in a public clear text file is a bad idea, especially if the user needs a valid shell. That is why I figure Fink could build its own pass, but then there would be no way of knowing the pass, which could be bad for a program where you need to know the pass. I could easily ask the user for a pass, but that breaks Fink's goal of the least interaction possible. Though it might be the only alternative, that or I run a 'passwd user' at the end of the postinst script?

But this is why I'm posting to the list, I need ideas for this sort of thing. I have most of the major stuff worked out, like not needing a db for uids, and keeping the debs identical, but some parts like the passwd field and how to modify, i.e. two pkgs need the same user with different info.

But I'm sure all this can be worked out. IMHO it'll be better than the current method, which has passwords and such in a file and all users are added whether you use them or not. Plus it's a pain for maintainers to add users/groups ATM.

Maybe making the passwd an MD5 field, so it's not clear text at least?


On Monday, August 11, 2003, at 11:40 AM, Chris Dolan wrote:


Am I missing something?

I don't understand why you have a Pass field at all. Default passwords are evil, and are an obvious route for attackers. Perhaps Pass should be a flag to indicate that Fink should prompt the user for a password? That's still rotten, IMHO, but infinitely better than having default passwords.

The usual procedure is to use "*" as the crypted password for daemon accounts, indicating that nobody may log in using that account directly. IIRC, a blank password crypt usually means that no password is required for login, yes? That would be very bad.

Chris
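
The distinction drawn in the quoted message, between a "*" password field and a blank one, as an added example that is not part of the original thread or of Fink's code: a shell check over passwd(5)-style lines that reports every account whose password field is not locked. The account lines are constructed sample data, and treating a leading "!" as locked is an assumption beyond what the message states.

```shell
#!/bin/sh
# Constructed passwd(5)-style sample lines; names, ids and the hash are made up.
SAMPLE_ACCOUNTS='news:*:250:250:News Server:/var/empty:/usr/bin/false
mysql::251:251:MySQL Server:/var/empty:/bin/sh
postgres:$1$abcdefgh$0123456789abcdefghijkl:253:253:PostgreSQL:/var/empty:/bin/sh'

# classify_pw FIELD
# Prints one of:
#   empty   - blank field: no password is required to log in
#   locked  - starts with "*" (or "!", assumed convention): not a valid crypt
#             output, so no password can ever match
#   set     - anything else: a crypt string that some password may match
classify_pw() {
    case "$1" in
        '')          echo empty ;;
        '*'*|'!'*)   echo locked ;;
        *)           echo set ;;
    esac
}

# audit_accounts
# Reads passwd-style lines on stdin and prints "user status" for every
# account whose password field is not locked. Daemon accounts created by a
# package should produce no output here.
audit_accounts() {
    while IFS=: read -r user pw rest; do
        [ -n "$user" ] || continue
        status=$(classify_pw "$pw")
        [ "$status" = locked ] || echo "$user $status"
    done
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_ACCOUNTS" | audit_accounts
```
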


