On Sat, Aug 23, 2008 at 01:54:20PM +0100, Justin B Rye wrote:
> Package: libpam-smbpass
> Version: 2:3.2.1-1
> Severity: minor
>
> This is part of a set of related bugreports on the packages in the
> Samba suite; I've already reported many of these issues (with some
> suggested fixes) as a single bugreport on samba4 (see #486370), but
> since that approach is a dud I'm trying the alternative of splitting
> them up and targeting individual packages.

This should have been a single bug report against the samba package, not 14
separate bug reports!  I'm half inclined to close all of these and ask for
resubmission as a single bug report.

> Current package description:
> # Description: pluggable authentication module for SMB/CIFS password database
> #  This is a stackable PAM module that allows a system administrator to easily
> #  migrate to using encrypted passwords for Samba and to keep smb passwords in
> #  sync with unix passwords. Unlike other solutions, it does this without
> #  requiring users to change their existing passwords or login to Samba using
> #  cleartext passwords.

> Problems shared with other packages in the set:
>  * this synopsis obeys DevRef's recommendation of dropping an initial
>    article, but then overzealously extends the rule to "[the]
>    SMB/CIFS password database".

The developer's reference also advises that the short description should be
short, ideally less than 50 characters.  This one is already 63 characters
long; adding in the article wouldn't have been an improvement.

>  * Samba is all about OS interoperability, so keep the OS names
>    straight.  These "unix passwords" aren't just for UNIX,
>    they're also used on GNU/Linux!  In fact, why not stick to
>    talking about "/etc/passwd"?

a) Unix passwords are those passwords managed by the pam_unix module.
b) Passwords aren't stored in /etc/passwd.
c) These passwords are only /usually/ stored in /etc/shadow: pam_unix will
   also manage other Unix password backends (such as NIS and NIS+).
d) The distinction between Unix and GNU/Linux as OSes is utterly
   uninteresting in the 21st century.

What's being referred to here are the password databases that are common to
all recent Unix systems.  I would be ok with "to keep SMB passwords in sync
with the Unix password database".  Does that sound ok to you?

>  * "PAM module" is a mild but easily avoidable PIN-numberism (and
>    "stackable" is redundant).

Well, I guess we can debate whether it's redundant to declare that a PAM
module is stackable, given some of the modules out there... probably more
redundant now than when it was written, at least. :)  That's fine.

And given that PAM stands for "Pluggable Authentication Modules", "PAM
module" is not a PIN-numberism, though the wording can be improved in the
way you suggest.

>  * and a wishlist item: WIBNI all the packages in the suite had
>    consistently styled short descriptions.  Likewise, in this
>    case, consistent what-Samba-is boilerplate.

I don't agree that this is an improvement.  "Samba implements the SMB/CIFS
protocol" is irrelevant to explaining to the user what libpam-smbpass is
for: libpam-smbpass is for use with Samba, and if you don't already have
Samba installed you don't need libpam-smbpass.

> Problems unique to this package:
>  * six repetitions of the word "password(s)"!
>  * "smb passwords" - make that "SMB", or avoid the jargon entirely.

Agreed.

>  * the noun is one word, "a login", but the verb is "to log
>    (oneself) in (to...)".

Yes (and tsk, shame on me for the sloppiness).

>  * "requiring" users to change passwords directly inconveniences
>    them; "requiring" users to use cleartext logins does not, so
>    don't phrase it as if they were parallel cases.

It's an inconvenience when their password is stolen over the wire.

> And something I don't know Samba well enough to be sure about: are
> the "other solutions" it mentions still relevant in the 21st century
> or does this need a complete rewrite?
>
> Suggested replacement text:
> | Description: Samba pluggable authentication module
> |  The Samba software suite implements the SMB/CIFS protocol, providing
> |  cross-platform support for Windows-style network shares.

Not useful to have in the description, as mentioned above.

> |  .
> |  This package provides a module for PAM that lets Samba migrate to using
> |  encrypted passwords, and keep them in sync with /etc/passwd. Unlike other

"/etc/passwd" - inaccurate.

> |  solutions, it does this without needing Samba logins to be sent in
> |  cleartext, or forcing users to change their existing passwords.

"Samba logins to be sent in cleartext" - inaccurate, the question is whether
*passwords* are sent in cleartext.

Counter-suggestion:

Description: pluggable authentication module for SMB password database
 This is a module for PAM that enables a system administrator to migrate user
 passwords from the Unix password database to the SMB password database as
 used by Samba, and to subsequently keep the two databases in sync.  Unlike
 other solutions, it does this without needing users to log in to Samba
 using cleartext passwords, or requiring them to change their existing
 passwords.

I don't particularly like the use of the term "SMB password database" (more
accurate would be to call it an "NTLM password database"), but it's
consistent with the upstream terminology for the moment.

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
[EMAIL PROTECTED]                                     [EMAIL PROTECTED]