Package: dbconfig-common
Version: 1.8.36
Severity: normal
Tags: patch

The default value for dbconfig-common/pgsql/authmethod-admin,
'ident', is a bad choice for remote servers. As mentioned in
/usr/share/doc/dbconfig-common/README.pgsql, ident is easily spoofable
in non-secured networks.

With dbconfig-common/remote-questions-default set to prefer remote
servers, the default should thus be 'password' instead of 'ident'.

Proposed patch attached. I'm not sure about the priority, but maybe
it's best to leave it at 'low' and just change the default.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.18-4-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages dbconfig-common depends on:
ii debconf [debconf-2.0] 1.5.14 Debian configuration management sy
ii ucf 3.003 Update Configuration File: preserv
dbconfig-common recommends no packages.
Cheers,
--
Niko Tyni [EMAIL PROTECTED]
diff --git a/debian/changelog b/debian/changelog
index 6d54d91..e4a7130 100644
diff --git a/dpkg/common b/dpkg/common
index a97d34e..78dd610 100644
--- a/dpkg/common
+++ b/dpkg/common
@@ -65,8 +65,10 @@ dbc_config(){
# the database types that support it
if [ "$dbc_remote_questions_default" = "true" ]; then
dbc_remote_questions_priority="high"
+ dbc_default_pgsql_authmethod_admin="password"
else
dbc_remote_questions_priority="low"
+ dbc_default_pgsql_authmethod_admin="ident"
fi
dbc_set_dbtype_defaults $dbc_dbtype
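Review bot: the default is chosen only from $dbc_remote_questions_default, so in the else branch 'ident' stays the default even when the administrator goes on to pick a remote host for this package; only the site-wide "prefer remote" switch moves it to 'password'. If the remote-host answer is known at a later point, the default would be better derived there. The new variable dbc_default_pgsql_authmethod_admin is also introduced without a comment, and the existing comment above the if only describes the question priority; a line saying that 'ident' is kept for local servers because it is spoofable over the network would explain why the two branches differ. It is pgsql-specific but set here for every $dbc_dbtype, so it may fit better next to the other per-type defaults if dbc_set_dbtype_defaults has a pgsql section.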
@@ -244,6 +246,9 @@ dbc_preseed_package_debconf(){
if [ -z "$dbc_dbtype" ] || [ "$dbc_dbtype" = "pgsql" ]; then
if [ "$dbc_authmethod_admin" ]; then
db_set $dbc_package/pgsql/authmethod-admin
"$dbc_authmethod_admin"
+ else if [ "$dbc_default_pgsql_authmethod_admin" ]; then
+ db_set $dbc_package/pgsql/authmethod-admin
"$dbc_default_pgsql_authmethod_admin"
+ fi
fi
if [ "$dbc_authmethod_user" ]; then
db_set $dbc_package/pgsql/authmethod-user
"$dbc_authmethod_user"
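Review bot: the added fallback test [ "$dbc_default_pgsql_authmethod_admin" ] is always true once dbc_config has run, because the first hunk assigns the variable in both branches, so db_set on $dbc_package/pgsql/authmethod-admin now runs on every call where the package did not set dbc_authmethod_admin. Please confirm this cannot overwrite an answer already stored in debconf (a preseeded value or an earlier choice by the administrator); if it can, guard the db_set so it only applies when the question has not been seen. As a style point, "else if ... fi" followed by the outer "fi" nests a third if; "elif" would do the same without the extra "fi" and keeps the block parallel to the authmethod-user case below it.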