Hi, I didn't realise that shadow passwords had crept into the equation as well. I turn them on by going:
chroot $target shadowconfig on in one of the scripts, I use DEFAULT/S30 Andrew On Fri, Feb 07, 2003 at 10:16:09AM +1100, [EMAIL PROTECTED] wrote: > On 6 Feb 2003 at 12:37, Recycle Computer shaped the electrons to say... > > > > > Change the pam configuration files to allow md5? > > > > --mark-- > > > > Hello fellow faiers, > > Firstly, many thanks for all the help and suggestions you have given on this topic. > > Mark, this is how I have been doing it all along and from what I've heard, what >everyone else has > been doing for the sake of 'getting things going' aswell, but as Andrew has >mentioned in earlier > posts, it really is a cludge as the passwd program will remain to be unconfigurable >nor registered > with debconf. > > I am unsure of the long-term gravity of doing so, and have therefore not posted a >"SUMMARY" to > the list yet to close the topic officially and this is because I still have hopes of >finding out how to > achieve this :-) MD5 and shadow as far as I am concerned are fundamental and basic >necessity > of any system that wishes to be even marginally secured and should not only be fixed >but a > default ;-) Now, I've continued doing some research on the matter and I have found >out a few > concrete things. In Chapter 5 of the Debian Policy Manual >(http://www.debian.org/doc/debian- > policy/ch-miscellaneous.html) it specifically states: > > "Since an interactive debian/rules script makes it impossible to auto-compile that >package and > also makes it hard for other people to reproduce the same binary package, all >required targets > MUST be non-interactive." > > Am I to understand the passwd program _should_ actually be able to install >non-interactively if it is > to comply with the Debian policy? Furthermore, I am using 'woody' here not a testing >nor unstable > release and this is what worries me even more, it may 'never get fixed'. In response >to Sebastien's > e-mail a few days ago, I have the following package versions in woody(stable): > > dpkg/woody uptodate 1.9.21 > debconf/woody uptodate 1.0.32 > passwd/woody uptodate 20000902-12 > base-passwd/woody uptodate 3.4.1 > > One interesting thing to note is that we both have the same passwd version (although >I don't know > his base-passwd and whether this should interfere with it or not). This leads me to >believe it may > not be a problem with the passwd package itself, but something else, however it is >made more > confusing since many of the other packages I install which make use of debconf (like >apache, > etc), install non-interactively perfectly. In the meantime, I have been trying to >work out the problem > myself by ripping everything apart and recompiling the passwd program (which is >really a shadow > suite with 12 or so patches + the login program), and doing things like setting the >"-x" parameter > for bash in the passwd.config script in the hopes of seeing anything that may >possibly be causing > this, etc. > > I would like to know if anyone on this list has experience with submitting bugs to >b.d.o and/or can > say for certain what is causing this so that I may submit a bug report. The only >thing stopping me > from doing so already is that the _same_ passwd program is used in both a working >and non- > working system as mentioned previously. Also worth mentioning is that if passwd is >installed > _interactively_ through dialog (even on the FAI freshly installed or chrooted system >$ROOTCMD > dpkg-reconfigure -fdialog passwd), it works _perfectly_. > > Strange indeed. > > Ideas? Thoughts? Comments? > PS- Sorry for the inordinately long post :-) > > Regards, > > Senaque > --- > E-MAIL: [EMAIL PROTECTED] > IRC: #FAI @ irc.freenode.net > WWW: http://www.sf.net/users/senaque/ >
