On Tue, 2019-09-24 at 23:31 +0200, Frantisek Zatloukal wrote: > On Mon, Sep 23, 2019 at 11:41 PM Lukas Ruzicka <lruzicka@xxxxxxxxxx> wrote: > > > > > Passwords are mandatory (and always have been) but you can enable > > > autologin in gnome-control-center. This allows you to log on without > > > typing your password. > > > > > > Problem is, unless you have a LUKS password equal to your user account > > > password, you'll just get a modal dialog when you log in prompting you > > > to unlock gnome-keyring. So it's never really worked. > > > > So, as I understand that, enforcing per-user encryption is not going to > prevent anybody from having automatic login? User account has to have > password anyway and having per-user based encryption (4.b.) would mean that > LUKS password would be always equal to user password. Has anyone considered how all this interacts with domain users, BTW? My user account is not a local one managed in /etc/passwd; it's a FreeIPA domain account. One fun thing that happens with this is that when I change my password in FreeIPA, I have to do a stupid trick in seahorse to change my keyring password to be the same as the new user password, otherwise my keyring doesn't get unlocked when I log into the system. Are we gonna have similar 'fun' with on-by-default or mandatory user data encryption? -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ desktop mailing list -- desktop@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to desktop-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/desktop@xxxxxxxxxxxxxxxxxxxxxxx
