desktop-packages team mailing list archive

Thread
Date

[Bug 888355] Re: users-admin should not allow creation of users with encrypted home who aren't asked for password on login

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Milan Bouchet-Valat <nalimilan@xxxxxxx>
Date: Thu, 10 Nov 2011 12:45:27 -0000
Reply-to: Bug 888355 <888355@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a duplicate of bug 577563 ***
    https://bugs.launchpad.net/bugs/577563

Indeed. But users-admin is no longer developed, since it's been replaced
with the new GNOME control center applet upstream. (The new applet
doesn't allow setting a password-less account.)

I don't think the workaround should be added in GDM, though, because I
don't think it would be easy due to how PAM works. So I'm marking this
bug as duplicate of the other, and moving the other to gnome-system-
tools.

** Changed in: gnome-system-tools (Ubuntu)
   Importance: Undecided => Medium

** Changed in: gnome-system-tools (Ubuntu)
       Status: New => Triaged

** This bug has been marked a duplicate of bug 577563
   Automatic login fails and computer hangs (Lucid)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-system-tools in Ubuntu.
https://bugs.launchpad.net/bugs/888355

Title:
  users-admin should not allow creation of users with encrypted home who
  aren't asked for password on login

Status in “gnome-system-tools” package in Ubuntu:
  Triaged

Bug description:
  Tested in Ubuntu 11.04 and 11.10.  Steps to reproduce:

  1) Go to "Users and Groups" (users-admin)

  2) Click "Add"

  3) Pick any name

  4) Check "Encrypt home folder to protect sensitive data"

  5) Click "OK"

  6) Set any password

  7) Check "Don't ask for password on login"

  8) Click OK

  Expected result: An error is raised at some point, because the user
  will not be able to log in.

  Actual result: User is created normally.  On login, the user is not
  prompted for their password, so the login fails.  In Ubuntu 11.04,
  some cryptic error messages display and the GUI hangs; in Ubuntu
  11.10, you're returned to the login screen.  Since the user is not
  prompted for their password, the home directory cannot be decrypted,
  so login will fail.  The two options are contradictory, and it should
  be impossible to select both.

  It might also be worthwhile if the program responsible for login
  (gdm?) detected this conflict and prompted the user for their
  password, ignoring the preference not to be prompted.  However, the
  preferences are still logically contradictory, so the administrator
  should not be allowed to select both when creating a user.

  Bug #581303 and Bug #577563 are related, but were filed against gdm
  and eCryptfs.  The problem should still be fixed in users-admin
  regardless of whether there's a workaround in gdm.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-system-tools/+bug/888355/+subscriptions

References

[Bug 888355] [NEW] users-admin should not allow creation of users with encrypted home who aren't asked for password on login
From: Aryeh Gregor, 2011-11-10