[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [E-devel] Desklock



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 1 Mar 2006, Carsten Haitzler wrote:
On Tue, 28 Feb 2006 10:59:27 -0800 (PST) Eric Sandall <eric@sandall.us> babbled:
On Tue, 28 Feb 2006, Aleksej Struk wrote:
The feature is still under development. Actually, the unlocking
through the user system wide password will be implemented too.
For now, the personal desklock password is, more or less, a temporal
feature.
<snip>

As I'm not the one coding this I probably don't have much input ;),
but IMO the only password allowed should be the already setup user
password, not Yet Another Password that the user has to define and
remember (though they could use the same password as their account
password, but then that opens up 'security' issues with who gets
access to where this password is stored, is it encrypted, etc.).

the problem is - to handle the "user password" is a massive pain in the arse. you need to use PAM or getpwent() and this presents some serious problems. what if your user account details live in an ldap db? sure - pam wraps this and handles it, but now we bind ourselves to pam - which is a bit problematic to use in a portable way even between linux distributions.

also note - this is no worse than leaving your desktop unlocked and someone walking by and going "rm -rf ~/*" in a terminal. if you walk away from your machine and leave it unlocked - it's fair game for ANYTHING. someone locking it with a pw u don't know is fairly harmless compared to other things they can do.

Shouldn't desklock just use xscreensaver then? That would take care of
all the authentication (unix, PAM, KRB5, etc.) for us as well as
providing various backgrounds (as mentioned in the other thread)
through the screensavers. It'd also save duplicating a lot of work,
IMO.

- -sandalle

- --
Eric Sandall                     |  Source Mage GNU/Linux Developer
eric@sandall.us                  |  http://www.sourcemage.org/
http://eric.sandall.us/          |  SysAdmin @ Inst. Shock Physics @ WSU
http://counter.li.org/  #196285  |  http://www.shock.wsu.edu/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQFEBhRLHXt9dKjv3WERAibxAJ0ct5axGIKatsGpY/Wa7r14k7e7ewCfX3/3
g4Jz97PDLEEaSyfXA2WHdOg=
=NF0W
-----END PGP SIGNATURE-----