Christian PERRIER wrote:
> Quoting Thomas Goirand (tho...@goirand.fr):
>> Template: dtc/conf_enforce_adm_encryption
>> Type: boolean
>> Default: true
>> _Description: Enforce DTC admin password(s) encryption?
No, it's rarely possible to slide a plural marker into the middle of a
stack of nouns. This would usually be "DTC admin password encryption"
regardless of how many DTCs, admins, and passwords there are. And the
stack's too high to be comfortable, which is why I suggested
_Description: Encrypt DTC admin passwords?
>> To enhance security in case of a breach, DTC can encrypt all
>> admin passwords. If passwords are encrypted, you cannot see them
>> by clicking on the magnifying glass icon (you will only see the
>> encrypted version of the password), but you can always use the
>> dtcpasswdm shell script to (re)set a password. If this is the
(Insert paragraph break^)
>> first time you are encrypting your passwords and you are upgrading
>> from a previous version of DTC that didn't support password
>> encryption, may issue the following shell script command to
^(missing word)
>> encrypt all existing passwords:
If I'm upgrading from a previous version of DTC that didn't support
password encryption, surely it must necessarily follow that this is
the first chance I've had to encrypt my passwords? This phrasing also
leaves it unclear whether I've got the option of upgrading, using DTC
without encryption for a while, then changing my mind and using this
recipe later.
>> .
>> mysql --defaults-file=/etc/mysql/debian.cnf -Ddtc --execute="UPDATE admin
>> SET adm_pass=PASSWORD(adm_pass)"
>> .
>> mysql --defaults-file=/etc/mysql/debian.cnf -Ddtc --execute="UPDATE
>> tik_admins SET tikadm_pass=PASSWORD(tikadm_pass)"
>
> These commands are very long and will not fit well in debconf screens.
>
> Any chance that you point users to a README.Debian file to explain
> this?
You could trim it back to something like
.
Previously created admin passwords will not be affected - to convert
an existing DTC installation, use:
.
mysql --defaults-file=/etc/mysql/debian.cnf -Ddtc \
--execute="UPDATE admin SET adm_pass=PASSWORD(adm_pass)"
mysql --defaults-file=/etc/mysql/debian.cnf -Ddtc \
--execute="UPDATE tik_admins SET tikadm_pass=PASSWORD(tikadm_pass)"
That's not pretty, though. It's probably wiser to say "use the recipe
in README.Debian" so that I don't have to get my notebook out in the
middle of a dist-upgrade...
(I'm assuming that answering "yes" to this debconf question does only
encrypt subsequently created passwords... if that's wrong, and
answering "yes" will also encrypt existing admin passwords, then this
recipe is redundant - I can answer "no" now, then just run
dpkg-reconfigure again when I change my mind. On the other hand in
this case there would also need to be a warning that re-running it to
change my answer from "yes" to "no" isn't going to do what I'm hoping
for...)
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
