Hi,
Setting aside the question of how anaconda, gnome-initial-setup, and
the liveuser sessions would work, I have a question about the complaint
regarding accountsservice.
On Mon, Nov 25, 2019 at 4:25 pm, Ben Cotton <bcotton@xxxxxxxxxx> wrote:
> * '''AccountService''' - D-Bus methods ''SetPassword'' and
> ''SetPasswordMode'' on ''org.freedesktop.Accounts.User'' interface can
> remove user’s password and lock the user out of the system if empty
> password is disallowed. These calls must be denied in this case.

OK, makes sense. But:

> Additionally, these methods can be run by normal users as opposed to
> ''passwd -d'' and ''chage -d 0'' which can be run only by root.
> Therefore only root should be able to call these methods.

So... then users can't change their own passwords?
We don't enable the root account in Workstation anyway; it would become
impossible to ever change any password via accountsservice.
Let's assume you meant "only admin users should be able to call these
methods" instead of "only root". Even then, I still don't understand
the problem. I just tested using D-Feet to manually change my password
using org.freedesktop.Accounts SetPassword, and it required that I
authenticate via polkit. polkit is good; let it do its thing. It's
checking the org.freedesktop.accounts.change-own-password action, which
requires auth_admin authentication. So what is the problem here?
Michael