[opensuse-kde] kdm on 12.2 (also in 12.1) use the show userlist by default
By default the userlist is shown in kdm. Several time ago security team would like to see it removed. It was the case mainly due to "broken/non feature" in the previous themes used in 12.1. Now under 12.2 the new theme proposed is fully aware of userlist/domain remote login etc. But to comply with what security team want then it seems we should have a patch changing the default show userlist to no in /usr/share/kde4/config/kdm/kdmrc. What is your opinion on that ? -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Ambassador GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
On Mon, 28 May 2012 13:45, Bruno Friedmann
By default the userlist is shown in kdm. Several time ago security team would like to see it removed.
It was the case mainly due to "broken/non feature" in the previous themes used in 12.1. Now under 12.2 the new theme proposed is fully aware of userlist/domain remote login etc.
But to comply with what security team want then it seems we should have a patch changing the default show userlist to no in /usr/share/kde4/config/kdm/kdmrc.
What is your opinion on that ?
Let's be honest: - for privat / family use, the userlist is more than just 'usefull', it's needed to considered 'user-friendly'. - for security relevant use, the ability to 'disable' the userlist is needed to be considered 'secure enough'. MS-Windows (Vista/7 at least) give the admin the choice. If even MS can do this, why should we cripple our users in taking away this choice? Maybe we should give the option to decide on this during install? That way it could be included as an option in 'auto-install' to satisfy the 'security by obsurity/hiding' users / corporate admins needs even in bigger installations. That's my take on the 'userlist' option. Provide the possibility for the user / admin to decide whats needed. Cheers, Yamaban. -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
+1
2012/5/28 Yamaban
On Mon, 28 May 2012 13:45, Bruno Friedmann
wrote: By default the userlist is shown in kdm. Several time ago security team would like to see it removed.
It was the case mainly due to "broken/non feature" in the previous themes used in 12.1. Now under 12.2 the new theme proposed is fully aware of userlist/domain remote login etc.
But to comply with what security team want then it seems we should have a patch changing the default show userlist to no in /usr/share/kde4/config/kdm/kdmrc.
What is your opinion on that ?
Let's be honest:
- for privat / family use, the userlist is more than just 'usefull', it's needed to considered 'user-friendly'.
- for security relevant use, the ability to 'disable' the userlist is needed to be considered 'secure enough'.
MS-Windows (Vista/7 at least) give the admin the choice.
If even MS can do this, why should we cripple our users in taking away this choice?
Maybe we should give the option to decide on this during install?
That way it could be included as an option in 'auto-install' to satisfy the 'security by obsurity/hiding' users / corporate admins needs even in bigger installations.
That's my take on the 'userlist' option. Provide the possibility for the user / admin to decide whats needed.
Cheers, Yamaban.
-- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
On Monday 28 May 2012 14.48:36 Rafael Belmonte wrote:
+1
2012/5/28 Yamaban
: On Mon, 28 May 2012 13:45, Bruno Friedmann
wrote: By default the userlist is shown in kdm. Several time ago security team would like to see it removed.
It was the case mainly due to "broken/non feature" in the previous themes used in 12.1. Now under 12.2 the new theme proposed is fully aware of userlist/domain remote login etc.
But to comply with what security team want then it seems we should have a patch changing the default show userlist to no in /usr/share/kde4/config/kdm/kdmrc.
What is your opinion on that ?
Let's be honest:
- for privat / family use, the userlist is more than just 'usefull', it's needed to considered 'user-friendly'.
- for security relevant use, the ability to 'disable' the userlist is needed to be considered 'secure enough'.
MS-Windows (Vista/7 at least) give the admin the choice.
If even MS can do this, why should we cripple our users in taking away this choice?
Maybe we should give the option to decide on this during install?
That way it could be included as an option in 'auto-install' to satisfy the 'security by obsurity/hiding' users / corporate admins needs even in bigger installations.
That's my take on the 'userlist' option. Provide the possibility for the user / admin to decide whats needed.
Cheers, Yamaban.
You don't understand, the choice is there. What I'm asking here, is which is the default proposed by openSUSE userlist on or off On a strict design point of view on screen <= 800 px wide userlist will overlap. Sorry I've not find a way to resize (downsize) the userlist icons and label correctly) Kdm isn't especially smart. -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Ambassador GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
In data lunedì 28 maggio 2012 15:41:34, Bruno Friedmann ha scritto:
What I'm asking here, is which is the default proposed by openSUSE userlist on or off
I think that only root should be hidden by default
On a strict design point of view on screen <= 800 px wide userlist will overlap. Sorry I've not find a way to resize (downsize) the userlist icons and label correctly) Kdm isn't especially smart. Nowdays < 800px is almost a corner case... Bye. -- *** Linux user # 198661 ---_ ICQ 33500725 *** *** Home http://www.kailed.net *** *** Powered by openSUSE ***
-- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
Dito +1
Quoting Yamaban
On Mon, 28 May 2012 13:45, Bruno Friedmann
wrote: By default the userlist is shown in kdm. Several time ago security team would like to see it removed.
It was the case mainly due to "broken/non feature" in the previous themes used in 12.1. Now under 12.2 the new theme proposed is fully aware of userlist/domain remote login etc.
But to comply with what security team want then it seems we should have a patch changing the default show userlist to no in /usr/share/kde4/config/kdm/kdmrc.
What is your opinion on that ?
Let's be honest:
- for privat / family use, the userlist is more than just 'usefull', it's needed to considered 'user-friendly'.
- for security relevant use, the ability to 'disable' the userlist is needed to be considered 'secure enough'.
MS-Windows (Vista/7 at least) give the admin the choice.
If even MS can do this, why should we cripple our users in taking away this choice?
Maybe we should give the option to decide on this during install?
That way it could be included as an option in 'auto-install' to satisfy the 'security by obsurity/hiding' users / corporate admins needs even in bigger installations.
That's my take on the 'userlist' option. Provide the possibility for the user / admin to decide whats needed.
Cheers, Yamaban. -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
Mandag den 28. maj 2012 13:45:48 Bruno Friedmann skrev:
By default the userlist is shown in kdm. Several time ago security team would like to see it removed.
I think users want the userlist. And I think the security gains of hiding it by default must be very limited - if any. Maybe something to add to the Security vs. Convenience discussion on the - factory mailinglist and wiki. http://en.opensuse.org/openSUSE:Security_use_cases -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
On Monday 28 May 2012 14.56:59 Martin Schlander wrote:
Mandag den 28. maj 2012 13:45:48 Bruno Friedmann skrev:
By default the userlist is shown in kdm. Several time ago security team would like to see it removed.
I think users want the userlist. And I think the security gains of hiding it by default must be very limited - if any.
Maybe something to add to the Security vs. Convenience discussion on the - factory mailinglist and wiki.
Why is it not already in? :-) I will escape any big thread where only bla is done. I need todo and precise action. Changing any bit in this theme, need half an hour to recreate the tar.gz for the branding and then upload it to obs, rebuild base:system/branding-opensuse and sr it to factory + the time to check if the sr has been accepted + time to synchronize the git repository. The userlist has been off by the offered design on the last 2 releases 11.4 and 12.1 Did we want to change that : yes / no -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Ambassador GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
On 05/28/2012 04:45 AM, Bruno Friedmann wrote:
By default the userlist is shown in kdm. Several time ago security team would like to see it removed.
It was the case mainly due to "broken/non feature" in the previous themes used in 12.1. Now under 12.2 the new theme proposed is fully aware of userlist/domain remote login etc.
But to comply with what security team want then it seems we should have a patch changing the default show userlist to no in /usr/share/kde4/config/kdm/kdmrc.
What is your opinion on that ?
If my opinion is worth anything I would go with the default to not show the userlist. I believe what the "security team" says is correct. It would be nice if the administrator of the box can easily change to show the userlist if they should desire it. However, I am not a developer and do not know how hard it would be to implement the change. Eric Meddleton -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
On Monday 28 May 2012 11.38:58 Eric wrote:
On 05/28/2012 04:45 AM, Bruno Friedmann wrote:
By default the userlist is shown in kdm. Several time ago security team would like to see it removed.
It was the case mainly due to "broken/non feature" in the previous themes used in 12.1. Now under 12.2 the new theme proposed is fully aware of userlist/domain remote login etc.
But to comply with what security team want then it seems we should have a patch changing the default show userlist to no in /usr/share/kde4/config/kdm/kdmrc.
What is your opinion on that ?
If my opinion is worth anything I would go with the default to not show the userlist. I believe what the "security team" says is correct.
It would be nice if the administrator of the box can easily change to show the userlist if they should desire it.
However, I am not a developer and do not know how hard it would be to implement the change.
Absolute no programming change : once you have a theme that allow it, systemsettings -> display manager -> users tab -> check on userlist and manage what you want to see. :-) -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Ambassador GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
On Monday, May 28, 2012 09:39:53 PM Bruno Friedmann wrote:
On Monday 28 May 2012 11.38:58 Eric wrote:
On 05/28/2012 04:45 AM, Bruno Friedmann wrote:
By default the userlist is shown in kdm. <Quote> Absolute no programming change : once you have a theme that allow it, systemsettings -> display manager -> users tab -> check on userlist and manage what you want to see. :-)
-- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch
</Quote> on 12.1 I find this setting under configure desktop--> System administration--> Login Screen. does this change on 12.2 to the path you stated? Russ openSUSE 12.1(3.1.10-1.9-desktop x86_64)|KDE Platform Version 4.8.3 (4.8.3) "release 503"|Intel core2duo 2.5 MHZ,|8GB DDR3|GeForce 8400GS(NVIDIA-Linux-x86_64-295.53) -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
on 12.1 I find this setting under configure desktop--> System administration--> Login Screen.
does this change on 12.2 to the path you stated?
Russ
No same path and module, sorry -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Ambassador GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
Am Montag, 28. Mai 2012, 21:39:53 schrieb Bruno Friedmann:
Absolute no programming change : once you have a theme that allow it, systemsettings -> display manager -> users tab -> check on userlist and manage what you want to see. :-)
What about https://bugzilla.novell.com/show_bug.cgi?id=267903 does it not affect that feature of the systemsettings module? Sven -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
On Tuesday 29 May 2012 05.49:45 Sven Burmeister wrote:
Am Montag, 28. Mai 2012, 21:39:53 schrieb Bruno Friedmann:
Absolute no programming change : once you have a theme that allow it, systemsettings -> display manager -> users tab -> check on userlist and manage what you want to see. :-)
What about https://bugzilla.novell.com/show_bug.cgi?id=267903 does it not affect that feature of the systemsettings module?
Interesting bug. But what people seems to have missed in that case. There 2 series of instructions in that file. some for Xorg, some for kdm, and I bet that part is changed when you install another DM. -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Ambassador GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org
participants (9)
-
Bruno Friedmann
-
Daniele
-
Dr. Ralf Czekalla
-
Eric
-
Martin Schlander
-
Rafael Belmonte
-
Sven Burmeister
-
upscope
-
Yamaban