RE: The lost screenwaiter [Was: The lost screensaver]

From: Gabriel Rossetti <gabriel rossetti trafigura com>
To: "awilliam whitemice org" <awilliam whitemice org>, "gnome-shell-list gnome org" <gnome-shell-list gnome org>
Subject: RE: The lost screenwaiter [Was: The lost screensaver]
Date: Thu, 23 Feb 2012 16:51:21 +0000

Sorry, using a terrible email client, can't reply inline well.

I don't agree, he wants to be able to login graphically without having to use a password, not by commandline. I think both aren't great, but at least the 1st one forces an attacker to have physical access to the machine whereas the 2nd would allow remote login.

I agree you can do that (disable the remote logins) , but it sounds like he may not know how to do that (since he doesn't know how to configure passwordless login) and even if he does he may one day enable it for whatever reason and forget that he deleted the user's password and thus opening his computer to the world (or just about).

You can change that setting via a GUI by the way, on Gnome Shell you do it this way:

 1) Open system settings
 2) Click on "User Accounts"
 3) Click on "Unlock", enter your password
 4) Toggle the "Automatic Login" switch

This way he get what he wants and at least doesn't allow current/future passwordless remote logins.

Gabriel

-----Original Message-----
From: gnome-shell-list-bounces gnome org [mailto:gnome-shell-list-bounces gnome org] On Behalf Of Adam Tauno Williams
Sent: 23 February 2012 17:41
To: gnome-shell-list gnome org
Subject: RE: The lost screenwaiter [Was: The lost screensaver]

On Wed, 2012-02-22 at 08:12 +0000, Gabriel Rossetti wrote:
> I wouldn’t run passwd –d username, that will allow anyone to remote
> into your machine with no password unless I’m mistaking...

Yes, but that's what he wants.  There is no point in pretending what he
wants isn't a terrible idea.

Just make sure remote access is disabled [which is the default on most
current distributions].

> There is an option somewhere to allow password-less logins on the UI,
> I’d use that if I were you.

/etc/sysconfig/displaymanager set DISPLAYMANAGER_PASSWORD_LESS_LOGIN to
"yes".  At least on openSUSE.  That might work.

--
System & Network Administrator [ LPI & NCLA ]
<http://www.whitemiceconsulting.com>
OpenGroupware Developer <http://www.opengroupware.us>
Adam Tauno Williams

_______________________________________________
gnome-shell-list mailing list
gnome-shell-list gnome org
http://mail.gnome.org/mailman/listinfo/gnome-shell-list

________________________________

This email and any attachments are confidential and access to this email or attachment by anyone other than the addressee is unauthorised. If you are not the intended recipient please notify the sender and delete the email including any attachments. You must not disclose or distribute any of the contents to any other person. Personal views or opinions are solely those of the author and not of Trafigura. Trafigura does not guarantee that the integrity of this communication has been maintained nor that the communication is free of viruses, interceptions or interference. By communicating with anyone at Trafigura by email, you consent to the monitoring or interception of such email by Trafigura in accordance with its internal policies. Unless otherwise stated, any pricing information given in this message is indicative only, is subject to change and does not constitute an offer to deal at any price quoted.

Follow-Ups:
- RE: The lost screenwaiter [Was: The lost screensaver]
  - From: Milan Bouchet-Valat

References:
- The lost screenwaiter [Was: The lost screensaver]
  - From: shuihuzhuan
- Re: The lost screenwaiter [Was: The lost screensaver]
  - From: Ray Strode
- RE: The lost screenwaiter [Was: The lost screensaver]
  - From: Gabriel Rossetti
- RE: The lost screenwaiter [Was: The lost screensaver]
  - From: Adam Tauno Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]