[opensuse-kde] kdm on 12.2 (also in 12.1) use the show userlist by default

newer
[opensuse-kde] a rpm with a wrong...

Bruno Friedmann

28 May 2012 28 May '12

11:45

By default the userlist is shown in kdm. Several time ago security team would like to see it removed. It was the case mainly due to "broken/non feature" in the previous themes used in 12.1. Now under 12.2 the new theme proposed is fully aware of userlist/domain remote login etc. But to comply with what security team want then it seems we should have a patch changing the default show userlist to no in /usr/share/kde4/config/kdm/kdmrc. What is your opinion on that ? -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Ambassador GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Show replies by date

Yamaban

28 May 28 May

12:33

New subject: [opensuse-kde] Re: kdm on 12.2 (also in 12.1) use the show userlist by default

On Mon, 28 May 2012 13:45, Bruno Friedmann wrote:

...

By default the userlist is shown in kdm. Several time ago security team would like to see it removed.

It was the case mainly due to "broken/non feature" in the previous themes used in 12.1. Now under 12.2 the new theme proposed is fully aware of userlist/domain remote login etc.

But to comply with what security team want then it seems we should have a patch changing the default show userlist to no in /usr/share/kde4/config/kdm/kdmrc.

What is your opinion on that ?

Let's be honest: - for privat / family use, the userlist is more than just 'usefull', it's needed to considered 'user-friendly'. - for security relevant use, the ability to 'disable' the userlist is needed to be considered 'secure enough'. MS-Windows (Vista/7 at least) give the admin the choice. If even MS can do this, why should we cripple our users in taking away this choice? Maybe we should give the option to decide on this during install? That way it could be included as an option in 'auto-install' to satisfy the 'security by obsurity/hiding' users / corporate admins needs even in bigger installations. That's my take on the 'userlist' option. Provide the possibility for the user / admin to decide whats needed. Cheers, Yamaban. -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Rafael Belmonte

12:48

New subject: [opensuse-kde] Re: kdm on 12.2 (also in 12.1) use the show userlist by default

+1 2012/5/28 Yamaban :

...

On Mon, 28 May 2012 13:45, Bruno Friedmann wrote:

...
By default the userlist is shown in kdm. Several time ago security team would like to see it removed.

It was the case mainly due to "broken/non feature" in the previous themes used in 12.1. Now under 12.2 the new theme proposed is fully aware of userlist/domain remote login etc.

But to comply with what security team want then it seems we should have a patch changing the default show userlist to no in /usr/share/kde4/config/kdm/kdmrc.

What is your opinion on that ?

Let's be honest:

- for privat / family use, the userlist is more than just 'usefull', it's needed to considered 'user-friendly'.

- for security relevant use, the ability to 'disable' the userlist is needed to be considered 'secure enough'.

MS-Windows (Vista/7 at least) give the admin the choice.

If even MS can do this, why should we cripple our users in taking away this choice?

Maybe we should give the option to decide on this during install?

That way it could be included as an option in 'auto-install' to satisfy the 'security by obsurity/hiding' users / corporate admins needs even in bigger installations.

That's my take on the 'userlist' option. Provide the possibility for the user / admin to decide whats needed.

Cheers, Yamaban.

-- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

-- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Bruno Friedmann

13:41

New subject: [opensuse-kde] Re: kdm on 12.2 (also in 12.1) use the show userlist by default

On Monday 28 May 2012 14.48:36 Rafael Belmonte wrote:

...

+1

2012/5/28 Yamaban :

...
On Mon, 28 May 2012 13:45, Bruno Friedmann wrote:

...
By default the userlist is shown in kdm. Several time ago security team would like to see it removed.

It was the case mainly due to "broken/non feature" in the previous themes used in 12.1. Now under 12.2 the new theme proposed is fully aware of userlist/domain remote login etc.

But to comply with what security team want then it seems we should have a patch changing the default show userlist to no in /usr/share/kde4/config/kdm/kdmrc.

What is your opinion on that ?

Let's be honest:

- for privat / family use, the userlist is more than just 'usefull', it's needed to considered 'user-friendly'.

- for security relevant use, the ability to 'disable' the userlist is needed to be considered 'secure enough'.

MS-Windows (Vista/7 at least) give the admin the choice.

If even MS can do this, why should we cripple our users in taking away this choice?

Maybe we should give the option to decide on this during install?

That way it could be included as an option in 'auto-install' to satisfy the 'security by obsurity/hiding' users / corporate admins needs even in bigger installations.

That's my take on the 'userlist' option. Provide the possibility for the user / admin to decide whats needed.

Cheers, Yamaban.

You don't understand, the choice is there. What I'm asking here, is which is the default proposed by openSUSE userlist on or off On a strict design point of view on screen <= 800 px wide userlist will overlap. Sorry I've not find a way to resize (downsize) the userlist icons and label correctly) Kdm isn't especially smart. -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Ambassador GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Daniele

17:24

New subject: [opensuse-kde] Re: kdm on 12.2 (also in 12.1) use the show userlist by default

In data lunedì 28 maggio 2012 15:41:34, Bruno Friedmann ha scritto:

...

What I'm asking here, is which is the default proposed by openSUSE userlist on or off

I think that only root should be hidden by default

...

On a strict design point of view on screen <= 800 px wide userlist will overlap. Sorry I've not find a way to resize (downsize) the userlist icons and label correctly) Kdm isn't especially smart. Nowdays < 800px is almost a corner case... Bye. -- *** Linux user # 198661 ---_ ICQ 33500725 *** *** Home http://www.kailed.net *** *** Powered by openSUSE ***

-- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Dr. Ralf Czekalla

20:55

New subject: [opensuse-kde] Re: kdm on 12.2 (also in 12.1) use the show userlist by default

Dito +1 Quoting Yamaban :

...

On Mon, 28 May 2012 13:45, Bruno Friedmann wrote:

...
By default the userlist is shown in kdm. Several time ago security team would like to see it removed.

It was the case mainly due to "broken/non feature" in the previous themes used in 12.1. Now under 12.2 the new theme proposed is fully aware of userlist/domain remote login etc.

But to comply with what security team want then it seems we should have a patch changing the default show userlist to no in /usr/share/kde4/config/kdm/kdmrc.

What is your opinion on that ?

Let's be honest:

- for privat / family use, the userlist is more than just 'usefull', it's needed to considered 'user-friendly'.

- for security relevant use, the ability to 'disable' the userlist is needed to be considered 'secure enough'.

MS-Windows (Vista/7 at least) give the admin the choice.

If even MS can do this, why should we cripple our users in taking away this choice?

Maybe we should give the option to decide on this during install?

That way it could be included as an option in 'auto-install' to satisfy the 'security by obsurity/hiding' users / corporate admins needs even in bigger installations.

That's my take on the 'userlist' option. Provide the possibility for the user / admin to decide whats needed.

Cheers, Yamaban. -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

-- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Martin Schlander

12:56

Mandag den 28. maj 2012 13:45:48 Bruno Friedmann skrev:

...

By default the userlist is shown in kdm. Several time ago security team would like to see it removed.

I think users want the userlist. And I think the security gains of hiding it by default must be very limited - if any. Maybe something to add to the Security vs. Convenience discussion on the - factory mailinglist and wiki. http://en.opensuse.org/openSUSE:Security_use_cases -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Bruno Friedmann

13:46

On Monday 28 May 2012 14.56:59 Martin Schlander wrote:

...

Mandag den 28. maj 2012 13:45:48 Bruno Friedmann skrev:

...
By default the userlist is shown in kdm. Several time ago security team would like to see it removed.

I think users want the userlist. And I think the security gains of hiding it by default must be very limited - if any.

Maybe something to add to the Security vs. Convenience discussion on the - factory mailinglist and wiki.

http://en.opensuse.org/openSUSE:Security_use_cases

Why is it not already in? :-) I will escape any big thread where only bla is done. I need todo and precise action. Changing any bit in this theme, need half an hour to recreate the tar.gz for the branding and then upload it to obs, rebuild base:system/branding-opensuse and sr it to factory + the time to check if the sr has been accepted + time to synchronize the git repository. The userlist has been off by the offered design on the last 2 releases 11.4 and 12.1 Did we want to change that : yes / no -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Ambassador GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Eric

18:38

On 05/28/2012 04:45 AM, Bruno Friedmann wrote:

...

By default the userlist is shown in kdm. Several time ago security team would like to see it removed.

It was the case mainly due to "broken/non feature" in the previous themes used in 12.1. Now under 12.2 the new theme proposed is fully aware of userlist/domain remote login etc.

But to comply with what security team want then it seems we should have a patch changing the default show userlist to no in /usr/share/kde4/config/kdm/kdmrc.

What is your opinion on that ?

If my opinion is worth anything I would go with the default to not show the userlist. I believe what the "security team" says is correct. It would be nice if the administrator of the box can easily change to show the userlist if they should desire it. However, I am not a developer and do not know how hard it would be to implement the change. Eric Meddleton -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Bruno Friedmann

19:39

On Monday 28 May 2012 11.38:58 Eric wrote:

...

On 05/28/2012 04:45 AM, Bruno Friedmann wrote:

...
By default the userlist is shown in kdm. Several time ago security team would like to see it removed.

It was the case mainly due to "broken/non feature" in the previous themes used in 12.1. Now under 12.2 the new theme proposed is fully aware of userlist/domain remote login etc.

But to comply with what security team want then it seems we should have a patch changing the default show userlist to no in /usr/share/kde4/config/kdm/kdmrc.

What is your opinion on that ?

If my opinion is worth anything I would go with the default to not show the userlist. I believe what the "security team" says is correct.

It would be nice if the administrator of the box can easily change to show the userlist if they should desire it.

However, I am not a developer and do not know how hard it would be to implement the change.

Absolute no programming change : once you have a theme that allow it, systemsettings -> display manager -> users tab -> check on userlist and manage what you want to see. :-) -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Ambassador GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

upscope

20:40

On Monday, May 28, 2012 09:39:53 PM Bruno Friedmann wrote:

...

On Monday 28 May 2012 11.38:58 Eric wrote:

...
On 05/28/2012 04:45 AM, Bruno Friedmann wrote:

...
By default the userlist is shown in kdm. <Quote> Absolute no programming change : once you have a theme that allow it, systemsettings -> display manager -> users tab -> check on userlist and manage what you want to see. :-)

-- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch

</Quote> on 12.1 I find this setting under configure desktop--> System administration--> Login Screen. does this change on 12.2 to the path you stated? Russ openSUSE 12.1(3.1.10-1.9-desktop x86_64)|KDE Platform Version 4.8.3 (4.8.3) "release 503"|Intel core2duo 2.5 MHZ,|8GB DDR3|GeForce 8400GS(NVIDIA-Linux-x86_64-295.53) -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Bruno Friedmann

29 May 29 May

05:01

...

on 12.1 I find this setting under configure desktop--> System administration--> Login Screen.

does this change on 12.2 to the path you stated?

Russ

No same path and module, sorry -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Ambassador GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Sven Burmeister

03:49

Am Montag, 28. Mai 2012, 21:39:53 schrieb Bruno Friedmann:

...

Absolute no programming change : once you have a theme that allow it, systemsettings -> display manager -> users tab -> check on userlist and manage what you want to see. :-)

What about https://bugzilla.novell.com/show_bug.cgi?id=267903 does it not affect that feature of the systemsettings module? Sven -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Bruno Friedmann

05:09

On Tuesday 29 May 2012 05.49:45 Sven Burmeister wrote:

...

Am Montag, 28. Mai 2012, 21:39:53 schrieb Bruno Friedmann:

...
Absolute no programming change : once you have a theme that allow it, systemsettings -> display manager -> users tab -> check on userlist and manage what you want to see. :-)

What about https://bugzilla.novell.com/show_bug.cgi?id=267903 does it not affect that feature of the systemsettings module?

Interesting bug. But what people seems to have missed in that case. There 2 series of instructions in that file. some for Xorg, some for kdm, and I bet that part is changed when you install another DM. -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Ambassador GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

4351

Age (days ago)

4352

Last active (days ago)

List overview

Download

13 comments

9 participants

participants (9)

Bruno Friedmann
Daniele
Dr. Ralf Czekalla
Eric
Martin Schlander
Rafael Belmonte
Sven Burmeister
upscope
Yamaban