Bug#501849: Please permit installation with an empty user password

To: 501849@bugs.debian.org
Cc: 501849-submitter@bugs.debian.org
Subject: Bug#501849: Please permit installation with an empty user password
From: Frans Pop <elendil@planet.nl>
Date: Mon, 13 Oct 2008 09:26:17 +0200
Message-id: <[🔎] 200810130926.17957.elendil@planet.nl>
Reply-to: 501849@bugs.debian.org, 501849@bugs.debian.org

Emmet Hikory wrote:
>     I "really, really" wanted to do it to ease working with tools that
> request graphical sudo authentication for devices that didn't have
> keyboards.  Yes, this is pointlessly insecure, and yes, there are input
> tools that can be used in some cases, but these tend to be fairly
> cumbersome.

Otavio Salvador wrote:
> I believe it is a nice option to be supported, even more that the
> Debian Embedded effort is starting to be integrated on the
> distribution.

I can only see the point of this to some extend for some embedded devices. 
In general I would expect that embedded devices will require much more 
customization than just having the user password unset.

Even stronger. For embedded devices with a graphical user interface I 
would expect that probably no login to the graphical user interface would 
be required (i.e. customization of display manager or of the way X.Org is 
started), and possibly that passwordless use of sudo would be allowed. 
But I also would expect the actual user ID still to be protected with a 
password, especially as a lot of these devices will have networking and 
thus do need fairly strong protection for external access.

So I'm personally still not really convinced of the real value of this 
option, but will also not block its inclusion if other feel that it 
really is useful. But of course only if the implementation is sane, so my 
other comments would still need to be addressed.

Please make sure that the installation guide explicitly warns that using 
the option will result in an insecure system!

Emmet Hikory wrote:
>     Unless I misunderstand the purpose of the other internal use
> templates in user-setup (which is quite possible), I suspect these
> issues also need to be addressed for several existing templates.  My
> apologies for this error.

Yes, you are right. Other templates in user-setup also don't follow the 
general "standard". See for example apt-setup or localechooser for
"correct" examples.
It's best to follow the style used in user-setup (unless you want to also 
provide a separate patch to fix existing templates in user-setup).

Cheers,
FJP

Reply to:

Follow-Ups:
- Bug#501849: Please permit installation with an empty user password
  - From: Franklin PIAT <fpiat@klabs.be>

Prev by Date: Bug#502039: tasksel: Typo in norwegian language test
Next by Date: preseeding partitioning with lvm (lenny beta2)
Previous by thread: Bug#501849: Please permit installation with an empty user password
Next by thread: Bug#501849: Please permit installation with an empty user password
Index(es):
- Date
- Thread