[Bug 237920] New: Yast requires set of user passwords during openSUSE setup - plz make it non mandatory
https://bugzilla.novell.com/show_bug.cgi?id=237920 Summary: Yast requires set of user passwords during openSUSE setup - plz make it non mandatory Product: openSUSE 10.3 Version: unspecified Platform: All OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: al4321@gmail.com QAContact: jsrain@novell.com Do you know that during openSUSE install Yast *requires* you to set user-password? It is simply wrong. Linux as a Free system should not force people to do that. In addition to that Yast auto-setups auto-login, which anyways negates the user-password effect. Plus, for single user systems, (all home PCs) having a user password won't improve security in any way. I call to people: please make user-passwords during Yast SUSE setup non-mandatory. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=237920 mhorvath@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team- |jsuchome@novell.com |screening@forge.provo.novell| |.com | Severity|Normal |Enhancement -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=237920 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Comment #1 from jsuchome@novell.com 2007-01-24 08:03 MST ------- You do not have to setup auto-login. And you do not have to create user account. But it is a default policy for SUSE Linux to require passwords for users. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=237920 al4321@gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | ------- Comment #2 from al4321@gmail.com 2007-01-24 11:25 MST ------- The system should NOT force me to work this way, or that way! It is completely unacceptable behavior! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=237920 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEEDINFO Info Provider| |al4321@gmail.com ------- Comment #3 from jsuchome@novell.com 2007-01-25 00:36 MST ------- Why? What do you want to achieve? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=237920 al4321@gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|al4321@gmail.com | ------- Comment #4 from al4321@gmail.com 2007-01-25 12:10 MST ------- Look: on a single-user computer (at Home), where I trust all members, a root password has big impact of security (agains malware) - I don't ask to cancel that. But in addition to root password, Yast requires you to create a user password. It is a false sense of security, because on a single-user machine, that user is always logged in, therefore it is the same if there is a user password, or no password (passwordless user account). Because user account password on a single-user system (at Home) doesn't add to the system security, I wish to be able to install a SUSE system passwordless. Now you are *forced to* type at least 3 things during SUSE setup: root-password, user-name and user-password. I wish to decrease this number to 2: root-password and user-name. This won't hurt Home Linux security in any way. SUSE Linux allows this with "passwd" command or manual config file editing, but not in Yast. This feature will make SUSE more user-friendly under home environments. Please add it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=237920 ------- Comment #5 from jsuchome@novell.com 2007-01-26 02:05 MST ------- You can 1. not add new user during installation. Later you can run yast2 security and set the minimal password length to 0. Than you can add new user with empty password. Currently, yast2-users just behaves correctly as it follows the rules for password length. 2. You can add new user during installation and enable autologin - that way you don't have to care about password. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=237920 al4321@gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|kukuk@novell.com | ------- Comment #8 from al4321@gmail.com 2007-01-26 02:35 MST ------- OK, but the setup process will be simpler if I could use passwordless user accounts. (by default having password-length 0) I don't like the way that the setup forces me to do something this-or-that way. I want to be able to control every part of it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=237920 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |kukuk@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=237920 kukuk@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kukuk@novell.com Status|NEEDINFO |RESOLVED Info Provider|kukuk@novell.com | Resolution| |WONTFIX ------- Comment #9 from kukuk@novell.com 2007-01-26 02:52 MST ------- Allowing passwordless accounts may be ok in your very specific situation, where the computer is _never_ reacheable from outside, means none of your computers will ever dial into the internet. Allowing passwordless accounts will have the bad effect, that even users, who dial in will not use passwords and everybody can easyly hack their machines. This would give a very bad reputation for Linux. So we will not change this behavior. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com