Complaint about Debian Small
Why does the Debian small distribution not use shadow/md5 by defualt ?
Thanks
Sunny Dubey
PS: The only reason I can think of not using such is because of NIS (as per debconf warning), however NIS is old and garbage, and anyone thinking about running NIS should really look into nssldap and pamldap (which work on solaris too).
6 Replies
One can enable shadow via shadowconfig, and can change from crypt() to MD5 via dpkg-reconfigure passwd
I shall know tomorrow how safe this is on a live running system, heh.
Sunny Dubey
There are no reasons why you should run into any problems, as long as you are not using NIS, which for a VPS should not be a problem.
You can unable md5 and shadow at the same time using
dpkg-reconfigure passwd
Although it does not tell you if they are turned on or not and I can not remember how to find out if they are already turned on.
Adam
@adamgent:
Although it does not tell you if they are turned on or not and I can not remember how to find out if they are already turned on.
debconf-show passwd
My approach is quite simple: The first thing I do every time after installing Debian stable is to tweak /etc/sources.list to switch to unstable, and then do a reckless "apt-get dist-upgrade". During the upgrade somewhere, the passwd package would have needed reconfiguration anyway and I would've switched on MD5 and shadow.
Adam
Actually, it's mainly because unstable has PHP 4.3.x (4.3.2+rc3-6 right now), which brings a small collection of niceties like filegetcontents()
"unstable" is more stable than the name suggests, apart from occasional crashes of mozilla, various X and gnome components, etc. which I don't use anyway. Spectacular b0rkage of ssh and pam did happen a few months ago… but I take special care to upgrade such key packages, i.e. mark the package as "on hold" in dselect, monitor bugs.debian.org for about a week before taking the plunge.
The only time I usually use apt-get of for small things and things that I really can not be bothered to install from source.
Adam