Bug#501849: Please permit installation with an empty user password

To: 501849@bugs.debian.org
Cc: 501849-submitter@bugs.debian.org
Subject: Bug#501849: Please permit installation with an empty user password
From: Franklin PIAT <fpiat@klabs.be>
Date: Mon, 13 Oct 2008 22:56:21 +0200
Message-id: <[🔎] 1223931381.5077.26.camel@solid.paris.klabs.be>
Reply-to: Franklin PIAT <fpiat@klabs.be>, 501849@bugs.debian.org
In-reply-to: <[🔎] 200810130926.17957.elendil@planet.nl>
References: <[🔎] 200810130926.17957.elendil@planet.nl>

On Mon, 2008-10-13 at 09:26 +0200, Frans Pop wrote:
> Emmet Hikory wrote:
> >     I "really, really" wanted to do it to ease working with tools that
> > request graphical sudo authentication for devices that didn't have
> > keyboards.  Yes, this is pointlessly insecure, and yes, there are input
> > tools that can be used in some cases, but these tend to be fairly
> > cumbersome.
> 
> I can only see the point of this to some extend for some embedded
> devices. 
[..]
> and possibly that passwordless use of sudo would be allowed. 
> But I also would expect the actual user ID still to be protected with
> a password, especially as a lot of these devices will have networking
> and thus do need fairly strong protection for external access.

Yep. I am not sure that all network services in Debian have a "null
password not ok" policy, à la pam_unix. (remember Win2K? )

BTW, Gnome's gdm allows autologon. Also something like "pam_succeed_if
uid=1000" or equivalent may achieve the expected behaviour.


Franklin

Reply to:

References:
- Bug#501849: Please permit installation with an empty user password
  - From: Frans Pop <elendil@planet.nl>

Prev by Date: Bug#401220: exim4 auto-configuration assumes short hostnames
Next by Date: Re: cairo, directfb and cdebconf
Previous by thread: Bug#501849: Please permit installation with an empty user password
Next by thread: Bug#497110: partman-dmraid: obsolete component; should not be included in Lenny
Index(es):
- Date
- Thread