* Chris Hofstaedtler <[email protected]> [2025-12-28 10:00]:
I think turning shadow passwords -off- when uninstalling passwd is a no-go.
Agreed.
just enable shadow by default is the better solution here.Well, but where. base-passwd?
I think that would make sense. base-passwd would need to: sed -i 's/\*/+/' passwd.master group.masterAnd also ship a shadow.master and gshadow.master or generate it with something like:
sed 's/\([^:]*\):.*/\1:*::/' passwd.master > shadow.master sed 's/\([^:]*\):.*/\1:*::/' group.master > gshadow.masterI would assume that represents most of the Debian systems anyhow so it makes sense to ship it by default.
Also not so useful if there is no chance of having *passwords* at all (because there are no tools to write a password without `passwd`).
Not sure I understand, can you explain?
Maybe `shadowconfig on` should just delete the lock file? Didn't investigate yet if this is feasible.
Probably also a good idea but that would be libc as shadowconfig is using pwconv which is calling lckpwdf() and that is creating the lock file. Maybe it should clean it up upon ulckpwdf().
Feel free to clone and reassign if you agree. Cheers Jochen
signature.asc
Description: PGP signature
