[Libosinfo] Fwd: [PATCH] Revert "debian: Allow empty passwords"

Fabiano Fidêncio fidencio at redhat.com
Fri May 20 15:46:01 UTC 2016 

As Zeeshan forgot to CC the list, I ended up doing the same :-)


---------- Forwarded message ----------
From: Fabiano Fidêncio <fidencio at redhat.com>
Date: Fri, May 20, 2016 at 5:39 PM
Subject: Re: [Libosinfo] [PATCH] Revert "debian: Allow empty passwords"
To: "Zeeshan Ali (Khattak)" <zeeshanak at gnome.org>


On Fri, May 20, 2016 at 5:30 PM, Zeeshan Ali (Khattak)
<zeeshanak at gnome.org> wrote:
> On Thu, May 19, 2016 at 10:02 PM, Fabiano Fidêncio <fidencio at redhat.com> wrote:
>> On Thu, May 19, 2016 at 6:41 PM, Zeeshan Ali (Khattak)
>> <zeeshanak at gnome.org> wrote:
>>> Hi,
>>>
>>> On Thu, May 19, 2016 at 2:32 PM, Fabiano Fidêncio <fidencio at redhat.com> wrote:
>>>> On Thu, May 19, 2016 at 2:40 PM, Zeeshan Ali (Khattak)
>>>> <zeeshanak at gnome.org> wrote:
>>>>> On Thu, May 19, 2016 at 7:24 AM, Fabiano Fidêncio <fidencio at redhat.com> wrote:
>>>>>> The workaround that has been used so for doesn't work.
>>>>>>
>>>>>> For the user account, the password is indeed removed in the end of the
>>>>>> installation, but then login in from GDM is impossible. Although it
>>>>>> works from a VT,
>>>>>
>>>>> You mean after you logout and then get dropped to GDM? Which would
>>>>> explain why it's hard to notice. If that's the case, are you sure we
>>>>> don't have the same issue with Fedora?
>>>>
>>>> The issue is, the system is installed, reboots and then you're at GDM
>>>> screen. There you simply can _not_ login.
>>>
>>> Ah ok but then it affects all users and I'm a bit confused what you
>>> meant by the following sentence to this: "this is not something
>>> obvious that every user would try."
>>
>> If you switch to VT you can log in without a password. And switching
>> to VT is not something obvious that every user would try.
>
> Ah ok, now I get it and re-reading the commit log, I wonder how I
> didn't get it. :)
>
>>>> I don't know if it affects Fedora, I didn't test Fedora and not sure
>>>> when I'll have time for that. maybe it's broken there as well.
>>>
>>> I doubt it, if it's so badly broken.
>>>
>>>>>>this is not something obvious that every user would
>>>>>> try. So, requiring the user password seems the best to do for now and
>>>>>> when another workaround is found the user password can be set to
>>>>>> optional again.
>>>>>
>>>>> Hmm.. Boxes might not be taking into account scripts requiring password.
>>>>
>>>> Well, that's something to be fixed on Boxes, not on libosinfo.
>>>
>>> Of course, I was just reminding. :)
>>>
>>>>>> For the root account, the password is not removed in the of the
>>>>>> installation and ends up being set as "dummyPa55w0rd", something that
>>>>>> the user would never guess, unless they have access to the libosinfo
>>>>>> code. So, requiring the admin password seems the best to do for now and
>>>>>> when another workaround is found the admin password can be set to
>>>>>> optional again.
>>>>>
>>>>> I think the most important thing is to find out why the workaround is
>>>>> not working. Could it be that it used to work but broken in recently
>>>>> debian versions?
>>>>
>>>> I also don't know if it used to work before.
>>>
>>> Well it's pretty unlikely that Lasse would have marked a workaround as
>>> "working" without testing it. I'm not sure if I tested this exactly
>>> but I did some testing of Debian then.
>>
>> Well, it doesn't work at all with Debian 7, which is the first Debian
>> with desktop installer profile.
>> So, yes, I doubt it was ever tested before.
>
> There are two different things involved here:
>
> 1. password-less login
> 2. autologin
>
> Does autologin works? If it does, that would explain everything since
> we probably only saw the VM showing the desktop after the install and
> marked it as "working".

No, that's not the case. There is no autologin set up at all.

>
>> Now that we know it never worked, can I get your ACK and revert the patch?
>> That's the safest option we have.
>
> Sure.
>
>>>
>>>> You acked this patch, can
>>>> you tell me in which version of Debian you have tested it?
>>>
>>> That was 2 years ago so no, I can't. I'll bet on the latest stable
>>> debian release at the time.
>>>
>>> --
>>> Regards,
>>>
>>> Zeeshan Ali (Khattak)
>
>
>
> --
> Regards,
>
> Zeeshan Ali (Khattak)

More information about the Libosinfo mailing list