Replace compiled .html with .wml source from the db.d.o cvs repository

[mirror/userdir-ldap-cgi.git] / html / password.wml

diff --git a/html/password.wml b/html/password.wml
new file mode 100644 (file)
index 0000000..7ef2a72
--- /dev/null
+++ b/html/password.wml
@@ -0,0 +1,36 @@
+#use wml::db.d.o title="Lost or Forgotten password"
+
+<p>
+If you have lost or forgotten your LDAP password (and by extension, your
+machine login password) you can have it reset by sending a PGP signed 
+message to the <a href="doc-mail.html">mail gateway</a>:
+<pre>
+echo "Please change my Debian password" | gpg --clearsign | mail chpasswd@db.debian.org
+or
+echo "Please change my Debian password" | pgp -fast | mail chpasswd@db.debian.org
+</pre>
+The daemon will then respond with a new randomized password encrypted
+with your key. You can then use the 
+<a href="https://db.debian.org/login.html">SSL Web pages</a> to change your
+password to something you can remember. You cannot set a new password via the
+mail gateway.
+
+<p>
+Alternatively, you can do without a password and use PGP to manipulate your
+LDAP information through the <a href="doc-mail.html">mail gateway</a> and use
+SSH RSA Authentication to access the servers. To setup OpenSSH for RSA you
+need to first generate a private RSA key using <tt>ssh-keygen</tt> and select
+a good passphrase for it. Then send the public portion of the key to the LDAP
+directory:
+<pre>
+gpg --clearsign < ~/.ssh/id_rsa.pub | mail change@db.debian.org
+</pre>
+
+<p><b>NB:</b> Only version 2 RSA keys are accepted.  Version 1 RSA
+keys (i.e. identity.pub files) will not work.</p>
+
+<p>
+You can then use this key to authenticate to the machines. Using ssh-agent 
+(automatically run by Debian's X configuration) you can use ssh-add to 'cache'
+your passphrase once. 
+</p>