![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=798939
https://bugzilla.novell.com/show_bug.cgi?id=798939#c5
--- Comment #5 from Thorsten Kukuk
(In reply to comment #2)
Adjust subject, this is a pam_gnome_keyring only problem.
This has nothing to do with pam_gnome_keyring :-) The issue here is that accountsservice (and the UI in gnome-control-center that exposes features from accountsservice) can let people choose options wrt password management, including "login without password" and "choose password on next login".
"login without password" is not an accountservice from the base system. But if you don't use pam_gnome_keyring, it is possible to enable this feature by calling "pam-config -a --nullok".
This doesn't work by using pam_gnome_keyring, but by calling "passwd -d -- $user" (and "chage -d 0 -- $user"), so that's the standard tools.
GNOME bug. Your conclusion/expectation is wrong. Calling "passwd -d $user" does not allow you to login the next time without password, it only deletes the password of the user. And the second part, changing the password at next login, is working if you enter the old one first and don't delete them.
Now, if we don't want to support this in openSUSE, that's features we should disable (both in accountsservice and in the UI).
It's not a question if we want to support this (we do if you don't use pam_gnome_keyring and calls "pam-config -a --nullok"), it's a matter of if we want to allow an insecure system by default where everybody can login without password. And the decission was, that we don't want to have an insecure system by default. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.