Re: Appropriateness of autologin (was Re: [FAQ] Passwordless logins don't work in KDM 3.2)

2004-03-11 Thread Alan Chandler
On Wednesday 10 March 2004 18:39, Derek Broughton wrote:
> Ron Johnson wrote:
>  >>>Should passwordless logins even be allowed?
>  >>
>  >>It's the admin who decides about them, so I don't see a problem.
>  >
>  > An analogy:
>  > Should a Windows Admin be able to decide whether programs should
>  > be able to run within MS Outlook?  Sure it's convenient, but it's
>  > a *huge* security hole.
>
> If I have a Linux desktop machine at home, and I give the kids an
> account and one for myself, I want (and need) a password on my account,
> I don't have any security purpose to putting passwords on their account.
>   In fact, allowing them a password at all is just giving them a false
> sense of security :-)

In fact that was similar to what I was trying to do until I gave up because it 
was not working.

I have a private computer that is mine, with a passworded account.  But 
occasionally our family computer breaks and the family want to use mine.  
I have created an account "guest" and would like to be able to tell them to 
use that (passwordlessly) - particularly when I am away on business.


-- 
Alan Chandler
[EMAIL PROTECTED]
First they ignore you, then they laugh at you,
 then they fight you, then you win. --Gandhi




Re: Appropriateness of autologin (was Re: [FAQ] Passwordless logins don't work in KDM 3.2)

2004-03-10 Thread Derek Broughton
Ron Johnson wrote:
>>
>>>Should passwordless logins even be allowed?
>>
>>It's the admin who decides about them, so I don't see a problem.
>
> An analogy:
> Should a Windows Admin be able to decide whether programs should
> be able to run within MS Outlook?  Sure it's convenient, but it's
> a *huge* security hole.

If I have a Linux desktop machine at home, and I give the kids an 
account and one for myself, I want (and need) a password on my account, 
I don't have any security purpose to putting passwords on their account. 
 In fact, allowing them a password at all is just giving them a false 
sense of security :-)





Re: [FAQ] Passwordless logins don't work in KDM 3.2

2004-03-10 Thread Dominique Devriese
David Pye writes:

> Thirdly, as kdm already does support it (excluding this minor
> regression, obviously!) why remove it? It's not like it's default,
> or even, arguably, easy to get working without editing files, so you
> can't enable it by mistake!

Actually, it's pretty easy to enable from kcontrol->login
manager->convenience, but I don't think this makes a difference.

cheers
domi




Re: [FAQ] Passwordless logins don't work in KDM 3.2

2004-03-10 Thread David Pye
Hmm,

Note I said 'from KDM's point of view', not from the system's point of view :p

David

On Wednesday 10 March 2004 17:36, Jan De Luyck wrote:
> On Wednesday 10 March 2004 18:34, David Pye wrote:
> > It does work?
> >
> > Hmm, if so, then it matters little to me which one is used.
> >
> > If I might ask, what's the difference, from KDM's point of view, as the
> > user isn't prompted for a password in either scenario, effectively making
> > either one a passwordless login...
>
> There's a rather huge difference: the graphical shell is still unlocked
> without a password, but people can't just use that account and login e.g.
> via ssh without a password.
>
> Huuge difference.
>
> Jan
>
> - --
>   A new chef from India was fired a week after starting the job.  He
> kept favoring curry.




Re: [FAQ] Passwordless logins don't work in KDM 3.2

2004-03-10 Thread Jan De Luyck
On Wednesday 10 March 2004 18:34, David Pye wrote:
> It does work?
>
> Hmm, if so, then it matters little to me which one is used.
>
> If I might ask, what's the difference, from KDM's point of view, as the
> user isn't prompted for a password in either scenario, effectively making
> either one a passwordless login...

There's a rather huge difference: the graphical shell is still unlocked 
without a password, but people can't just use that account and login e.g. via 
ssh without a password.

Huuge difference.

Jan

- -- 
A new chef from India was fired a week after starting the job.  He
kept favoring curry.
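
The distinction drawn in the message above (autologin for an account that keeps its password, versus an account with no password at all) can be checked on a host. The following is an added example, not part of the original thread: it assumes shadow(5)-format account data and an sshd_config file, uses constructed sample input, and does not model PAM settings, which can restrict empty passwords further.

```python
# Constructed sample inputs (not from the thread): shadow(5)-style lines
# and an sshd_config fragment. The hash strings are placeholders.
SAMPLE_SHADOW = """\
root:$1$placeholder$hash:12487:0:99999:7:::
alan:$1$placeholder$hash:12487:0:99999:7:::
guest::12487:0:99999:7:::
daemon:*:12487:0:99999:7:::
"""
SAMPLE_SSHD_CONFIG = """\
# constructed example
PasswordAuthentication yes
PermitEmptyPasswords yes
"""


def empty_password_accounts(shadow_text):
    """Names whose password field is empty ('*' and '!' mean locked, not empty)."""
    names = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0] and fields[1] == "":
            names.append(fields[0])
    return names


def sshd_permits_empty_passwords(config_text):
    """True if the global section sets PermitEmptyPasswords yes.

    sshd keeps the first value it reads for a keyword and defaults to "no";
    Match blocks are not evaluated in this sketch.
    """
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword == "permitemptypasswords" and len(parts) > 1:
            return parts[1].lower() == "yes"
    return False


def audit(shadow_text, config_text):
    """Map each empty-password account to whether sshd's config allows empty passwords."""
    remote = sshd_permits_empty_passwords(config_text)
    return {name: remote for name in empty_password_accounts(shadow_text)}


if __name__ == "__main__":
    for name, remote in audit(SAMPLE_SHADOW, SAMPLE_SSHD_CONFIG).items():
        print(f"{name}: empty password, sshd allows empty passwords: {remote}")
```

An account that is only auto-logged-in by the display manager keeps a non-empty password field and never appears in this report.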




Re: [FAQ] Passwordless logins don't work in KDM 3.2

2004-03-10 Thread David Pye
It does work?

Hmm, if so, then it matters little to me which one is used.

If I might ask, what's the difference, from KDM's point of view, as the user 
isn't prompted for a password in either scenario, effectively making either 
one a passwordless login...

David

On Wednesday 10 March 2004 17:26, Martin Küchler wrote:
> On Wednesday, 10 March 2004 18:06, David Pye wrote:
> > > Should passwordless logins even be allowed?
> >
> > Absolutely - there are a number of scenarios where this behaviour is
> > almost mandatory - I have two.
> >
> > Firstly, my mother's PC - she is the only person who ever used it, and
> > can even access it, so why can't I allow her to autologin? It's one less
> > thing for her to worry about.
>
> but autologin with an account that has a password works fine in kde 3.2 (I
> am using it), wouldn't that have the same effect for your mother ?




Re: [FAQ] Passwordless logins don't work in KDM 3.2

2004-03-10 Thread David Pye
On Wednesday 10 March 2004 17:22, Ron Johnson wrote:


> > Firstly, my mother's PC - she is the only person who ever used it, and
> > can even access it, so why can't I allow her to autologin? It's one less
> > thing for her to worry about.
>
> That's an easy one to shoot down:
> http://www.ananova.com/news/story/sm_817532.html?menu=
> "One of the defendants, 71-year-old Durwood Pickle, said his teenage
> grandchildren used his computer during visits to his home."

What? That is utterly irrelevant. It is her and her machine only. She lives 
with her elderly husband, and I don't think they can even work KMail properly, 
let alone Kazaa. Anyway, my policy is that access to that machine is limited 
at the PHYSICAL level, and I have decided it is sufficient. I fail to see why 
it's anybody else's right to question this, although I do see the point 
you're trying to make here.

All I am saying is, that it is my decision to make whether to do it this way, 
not anybody else's, hence I will be most peeved if the decision is denied me, 
through its removal from kdm.

>
> > Secondly, I maintain a machine in the university PC labs for public CD
> > burning of linux distros. I autologin it as guest user, and spawn the
> > app. Now, if I couldn't use kdm to do it, I'd have to resort to another
> > hack, which is potentially even worse :/
>
> Console login with a curses app that is spawned from ~guest/.bashrc
> that needs a password for the "quit" function and traps Ctrl-C and
> Ctrl-Z.

Oh, so the X11 app I wrote isn't good enough? We don't mind people opening 
terminals anyway, and the machine is effectively open access, so again, this 
doesn't matter. Non-root access to this machine is not cared about - at 
least, again, it is managed PHYSICALLY - not just anybody can get into our 
labs.  If you were to come in, and ssh out from it, I don't care. Likewise, 
if you download a kazaa client, I don't care, although if I spot it, I WILL 
kill it ;)

> > Thirdly, as kdm already does support it (excluding this minor regression,
> > obviously!) why remove it? It's not like it's default, or even, arguably,
> > easy to get working without editing files, so you can't enable it by
> > mistake!
>
> Well, since it's there.  But removing it would mean less code, and
> less code means less potential bugs.
>

A third issue has come to mind ;)

I work for the Xbox-Linux project, and for a while, gdm autologin was enabled 
to effectively turn the box into a set-top browser/mail client etc - trying 
to operate xdm, xvkbd et al with the xbox joypad is EXTREMELY tedious to say 
the least!

David




Re: [FAQ] Passwordless logins don't work in KDM 3.2

2004-03-10 Thread Martin Küchler
On Wednesday, 10 March 2004 18:06, David Pye wrote:
> > Should passwordless logins even be allowed?
>
> Absolutely - there are a number of scenarios where this behaviour is almost
> mandatory - I have two.
>
> Firstly, my mother's PC - she is the only person who ever used it, and can
> even access it, so why can't I allow her to autologin? It's one less thing
> for her to worry about.

but autologin with an account that has a password works fine in kde 3.2 (I am 
using it), wouldn't that have the same effect for your mother ?




Re: [FAQ] Passwordless logins don't work in KDM 3.2

2004-03-10 Thread Ron Johnson
On Wed, 2004-03-10 at 11:06, David Pye wrote:
> On Wednesday 10 March 2004 16:54, Ron Johnson wrote:
> > On Wed, 2004-03-10 at 09:59, Dominique Devriese wrote:
> > > Jeff Elkins writes:
[snip]
> > Should passwordless logins even be allowed?
> 
> Absolutely - there are a number of scenarios where this behaviour is almost 
> mandatory - I have two.
> 
> Firstly, my mother's PC - she is the only person who ever used it, and can 
> even access it, so why can't I allow her to autologin? It's one less thing 
> for her to worry about.

That's an easy one to shoot down:
http://www.ananova.com/news/story/sm_817532.html?menu=
"One of the defendants, 71-year-old Durwood Pickle, said his teenage
grandchildren used his computer during visits to his home."

> Secondly, I maintain a machine in the university PC labs for public CD 
> burning 
> of linux distros. I autologin it as guest user, and spawn the app. Now, if I 
> couldn't use kdm to do it, I'd have to resort to another hack, which is 
> potentially even worse :/

Console login with a curses app that is spawned from ~guest/.bashrc
that needs a password for the "quit" function and traps Ctrl-C and
Ctrl-Z.

> Thirdly, as kdm already does support it (excluding this minor regression, 
> obviously!) why remove it? It's not like it's default, or even, arguably, 
> easy to get working without editing files, so you can't enable it by mistake!

Well, since it's there.  But removing it would mean less code, and
less code means less potential bugs.

-- 
-
Ron Johnson, Jr. [EMAIL PROTECTED]
Jefferson, LA USA

If 1/2 of all US marriages end in divorce, and there are a good
number of 3rd, 4th, etc marriages, then more than 1/2 of all 1st
marriages will be permanent.




Re: [FAQ] Passwordless logins don't work in KDM 3.2

2004-03-10 Thread Dominique Devriese
Ron Johnson writes:

> On Wed, 2004-03-10 at 09:59, Dominique Devriese wrote:
>> Jeff Elkins writes:
>>
>> > Since upgrading to KDE3.2, kdm will no longer allow autologin,
>> > giving me an authentication failure.  Is there a workaround for
>> > this?
>>
>> Hi,
>>
>> This is a known problem.  I have added the following text to
>> http://wiki.debian.net/?DebianKDE:
>>
>> ** Passwordless logins don't work in kdm.  This is a known problem
>> with a known fix.  Replace the file /etc/pam.d/kdm-np with the one
>> from http://www.kde-debian.org/~domi/kdm-np as an easy fix.

> Should passwordless logins even be allowed?

It's the admin who decides about them, so I don't see a problem.

cheers
domi




Re: [FAQ] Passwordless logins don't work in KDM 3.2

2004-03-10 Thread Riku Voipio
On Wed, Mar 10, 2004 at 10:54:04AM -0600, Ron Johnson wrote:
> On Wed, 2004-03-10 at 09:59, Dominique Devriese wrote:
> > ** Passwordless logins don't work in kdm.  This is a known problem
> >    with a known fix.  Replace the file /etc/pam.d/kdm-np with the one
> >    from http://www.kde-debian.org/~domi/kdm-np as an easy fix.
 
> Should passwordless logins even be allowed?

1) internet kiosks
2) media appliances

There are probably other embedded uses as well.

-- 
Riku Voipio|[EMAIL PROTECTED] |
kirkkonummentie 33 |+358 40 8476974  --+--
02140 Espoo|   |
dark> A bad analogy is like leaky screwdriver  |




Appropriateness of autologin (was Re: [FAQ] Passwordless logins don't work in KDM 3.2)

2004-03-10 Thread Ron Johnson
On Wed, 2004-03-10 at 11:00, Dominique Devriese wrote:
> Ron Johnson writes:
> 
> > On Wed, 2004-03-10 at 09:59, Dominique Devriese wrote:
> >> Jeff Elkins writes:
> >>
> >> > Since upgrading to KDE3.2, kdm will no longer allow autologin,
> >> > giving me an authentication failure.  Is there a workaround for
> >> > this?
> >>
> >> Hi,
> >>
> >> This is a known problem.  I have added the following text to
> >> http://wiki.debian.net/?DebianKDE:
> >>
> >> ** Passwordless logins don't work in kdm.  This is a known problem
> >> with a known fix.  Replace the file /etc/pam.d/kdm-np with the one
> >> from http://www.kde-debian.org/~domi/kdm-np as an easy fix.
> 
> > Should passwordless logins even be allowed?
> 
> It's the admin who decides about them, so I don't see a problem.

An analogy:
Should a Windows Admin be able to decide whether programs should
be able to run within MS Outlook?  Sure it's convenient, but it's
a *huge* security hole.

-- 
-
Ron Johnson, Jr. [EMAIL PROTECTED]
Jefferson, LA USA

In 1929, when the Great Depression hit, while all the other
tabulating companies retrenched, Thomas Watson Sr. insisted that
IBM's factories stay open and R&D spending increase. Thus, in
1935 when FDR signed the Social Security Act, and businesses and
gov't had a huge need for tabulating/sorting machines, IBM was in
position to dominate the industry, and did so for the next 45
years.




Re: [FAQ] Passwordless logins don't work in KDM 3.2

2004-03-10 Thread David Pye
On Wednesday 10 March 2004 16:54, Ron Johnson wrote:
> On Wed, 2004-03-10 at 09:59, Dominique Devriese wrote:
> > Jeff Elkins writes:
> > > Since upgrading to KDE3.2, kdm will no longer allow autologin,
> > > giving me an authentication failure.  Is there a workaround for
> > > this?
> >
> > Hi,
> >
> > This is a known problem.  I have added the following text to
> > http://wiki.debian.net/?DebianKDE:
> >
> > ** Passwordless logins don't work in kdm.  This is a known problem
> >    with a known fix.  Replace the file /etc/pam.d/kdm-np with the one
> >    from http://www.kde-debian.org/~domi/kdm-np as an easy fix.
>
> Should passwordless logins even be allowed?

Absolutely - there are a number of scenarios where this behaviour is almost 
mandatory - I have two.

Firstly, my mother's PC - she is the only person who ever used it, and can 
even access it, so why can't I allow her to autologin? It's one less thing 
for her to worry about.

Secondly, I maintain a machine in the university PC labs for public CD burning 
of linux distros. I autologin it as guest user, and spawn the app. Now, if I 
couldn't use kdm to do it, I'd have to resort to another hack, which is 
potentially even worse :/

Thirdly, as kdm already does support it (excluding this minor regression, 
obviously!) why remove it? It's not like it's default, or even, arguably, 
easy to get working without editing files, so you can't enable it by mistake!

David

>
> --
> -
> Ron Johnson, Jr. [EMAIL PROTECTED]
> Jefferson, LA USA
>
> I am *not* my children's friend; I am their parent.




Re: [FAQ] Passwordless logins don't work in KDM 3.2

2004-03-10 Thread Ron Johnson
On Wed, 2004-03-10 at 09:59, Dominique Devriese wrote:
> Jeff Elkins writes:
> 
> > Since upgrading to KDE3.2, kdm will no longer allow autologin,
> > giving me an authentication failure.  Is there a workaround for
> > this?
> 
> Hi,
> 
> This is a known problem.  I have added the following text to
> http://wiki.debian.net/?DebianKDE:
> 
> ** Passwordless logins don't work in kdm.  This is a known problem
>    with a known fix.  Replace the file /etc/pam.d/kdm-np with the one
>    from http://www.kde-debian.org/~domi/kdm-np as an easy fix.

Should passwordless logins even be allowed?

-- 
-
Ron Johnson, Jr. [EMAIL PROTECTED]
Jefferson, LA USA

I am *not* my children's friend; I am their parent.




Re: [FAQ] Passwordless logins don't work in KDM 3.2

2004-03-10 Thread Jeff Elkins
On Wednesday 10 March 2004 10:59 am, Dominique Devriese wrote:
>Jeff Elkins writes:
>> Since upgrading to KDE3.2, kdm will no longer allow autologin,
>> giving me an authentication failure.  Is there a workaround for
>> this?
>
>Hi,
>
>This is a known problem.  I have added the following text to
>http://wiki.debian.net/?DebianKDE:
>
>** Passwordless logins don't work in kdm.  This is a known problem
>   with a known fix.  Replace the file /etc/pam.d/kdm-np with the one
>   from http://www.kde-debian.org/~domi/kdm-np as an easy fix.
>
>cheers
>domi

Thanks again!  That cured the problem.

Jeff