Hi,
On 07-10-16 17:42, Michael Catanzaro wrote:
On Fri, 2016-10-07 at 15:56 +0200, Hans de Goede wrote:
So can we get this fixed please, or do we need to escalate
this all the way up to FESco again ?
Hi,
The status quo is that we are not in compliance with FESCo's policy
[1], which clearly applies to all tools that change passwords and not
just anaconda, but we can't change anything in GNOME until libpwquality
stops blocking weak passwords via its PAM module, since we ultimately
shell out to passwd to implement that (for auditability). (Actually, I
think gnome-initial-setup does not use passwd, but gnome-control-center
definitely does, and we are not going to implement different password
checking behavior between the two of them.)
I informed FESCo of this at the time of their decision, and reminded
them in the original ticket a month or two ago. At any rate, it's been
this way for several releases now, so I don't want to change anything
in F25 this late in the game, but it would be nice to fix in the F26
timeframe. I don't want to work on the PAM module, but if somebody else
fixes it, then send me a ping and I'll try to update gnome-initial-
setup and gnome-control-center to comply with the policy.
But there is one more issue. FESCo's policy actually requires that only
admin users (wheel users, including the initial user account) would be
able to set weak passwords, and that unprivileged users should be
blocked from doing so. Again, this is not currently possible to
implement in GNOME, as it requires additional plumbing in at least the
PAM module, and probably also in libpwquality proper. Again, I don't
plan to work on this, but again, if someone else fixes it then I'm
happy to make whatever changes are needed in g-i-s/g-c-c.
First of all thank you for the long explanation, and good to know that
this is on your radar.
As a developer I understand what you're saying. But TBH as an end
user I don't give a hoot. We first had this whole discussion about
anaconda breaking the freedom to chose a password around F-22
and now we've F25 coming up 18 months later and this is still not
fixed (in some places). That is simply unacceptable IMHO.
Suggested fix if you "shell out to passwd" in g-c-c, then why not
also do this in g-i-s presumable you can share the code then and
have less security sensitive code to worry about ? When you do
make sure you run passwd as root (from g-i-s), not as the newly
created user. I can set whatever passwd I want using
"passwd <username>" as root just fine.
This will at least fix g-i-s, which is the biggest hurdle for users.
Changing a passwd later, a wheel group user can always drop to
the terminal and do "sudo passwd <username>" as a workaround,
but at g-i-s time no such workarounds are possible. Or simply
also run passwd as root for wheel group users (they have sudo
rights after all).
Regards,
Hans
> [1] https://fedoraproject.org/wiki/Passphrase_policy
Note that this page too is over a year old, really it is time
to fix this.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
