Keyring password ( Installation report for UNR 20090324 on Acer Aspire One)
Le mardi 24 mars 2009 à 14:02 +0000, Matt Zimmerman a écrit :
> > I have an 8.10 system where the keyring password and login password > seem to > be out of sync, and I haven't worked out how to fix it. I assume > something > is supposed to keep them in sync? Not right now, libpam-gnome-keyring can be used to sync the gnome-keyring password when using passwd too but that's not set up in ubuntu currently (there is a request on launchpad about that and I tried to get somebody who has a clue about pam to look at how reasonable that would be or if that could create other issues but got no reply). You can use seahorse to change manually your gnome-keyring password though Cheers, Sebastien Bacher -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel |
Keyring password ( Installation report for UNR 20090324 on Acer Aspire One)
Le mercredi 25 mars 2009 à 12:31 +0000, Matt Zimmerman a écrit :
> This seems perfectly reasonable to me; wifi passwords are not usually > so > sensitive that they need to be encrypted on disk. What about emails, calendar, etc account passwords? Because you will run into the same issue for those Sebastien Bacher -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel |
Keyring password ( Installation report for UNR 20090324 on Acer Aspire One)
On Wed, Mar 25, 2009 at 01:17:42PM +0000, Sebastien Bacher wrote:
> Le mercredi 25 mars 2009 à 12:31 +0000, Matt Zimmerman a écrit : > > This seems perfectly reasonable to me; wifi passwords are not usually > > so > > sensitive that they need to be encrypted on disk. > > What about emails, calendar, etc account passwords? Because you will run > into the same issue for those That's not ideal, but no worse than most systems out there (including those which auto-login by default). Can you agree that the following user experience is not ideal? 1. User installs a brand new Ubuntu system 2. User attempts to connect to their home wireless network 3. Ubuntu asks them for the wireless access key 4. User provides the access key 5. Ubuntu asks them for a new password they have never heard of Is there something else we could do to improve it, which would be better than what was suggested? -- - mdz -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel |
Keyring password ( Installation report for UNR 20090324 on Acer Aspire One)
Le mercredi 25 mars 2009 à 13:21 +0000, Matt Zimmerman a écrit :
> Can you agree that the following user experience is not ideal? > Oh I totally agree with that and that's an issue for some years now, I'm just not sure what we can do to fix it > 1. User installs a brand new Ubuntu system > 2. User attempts to connect to their home wireless network > 3. Ubuntu asks them for the wireless access key > 4. User provides the access key > 5. Ubuntu asks them for a new password they have never heard of > > Is there something else we could do to improve it, which would be > better > than what was suggested? "Ubuntu asks them for a new password they have never heard of", do you mean that the wording is unclear? Because they did set this password during the installation or when adding the user Do we want consider autologin as a less secure option? One thing we could do is to set an empty keyring password when autologin is selected during the installation Sebastien Bacher -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel |
Keyring password ( Installation report for UNR 20090324 on Acer Aspire One)
On 03/25/2009 06:53 AM, Sebastien Bacher wrote:
> Do we want consider autologin as a less secure option? One thing we > could do is to set an empty keyring password when autologin is selected > during the installation But might not some apps keep very sensitive information in the keyring? Cheers, Rick -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel |
Keyring password ( Installation report for UNR 20090324 on Acer Aspire One)
On Wed, Mar 25, 2009 at 01:53:19PM +0000, Sebastien Bacher wrote:
> Le mercredi 25 mars 2009 à 13:21 +0000, Matt Zimmerman a écrit : > > 1. User installs a brand new Ubuntu system > > 2. User attempts to connect to their home wireless network > > 3. Ubuntu asks them for the wireless access key > > 4. User provides the access key > > 5. Ubuntu asks them for a new password they have never heard of > > > > Is there something else we could do to improve it, which would be better > > than what was suggested? > > "Ubuntu asks them for a new password they have never heard of", do you > mean that the wording is unclear? Because they did set this password > during the installation or when adding the user The dialog asks them to set a new password. The right thing to do is for them to simply enter their login password, but that is not clear. See the attached screenshot. The problem with the dialog is that it strongly indicates that this is a new password, for a new purpose, and does not hint that the existing login password is a good choice. An alternative would be to prompt, by default, for the login password (in a single text box), and offer a radio button to choose to create a different password instead. > Do we want consider autologin as a less secure option? One thing we could > do is to set an empty keyring password when autologin is selected during > the installation Yes, autologin is a less secure option. I think it's still OK to prompt for the password to protect the keyring though, so long as it's obvious what to do. Maybe we could create the keyring at install time when we have the password? -- - mdz -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel |
Keyring password ( Installation report for UNR 20090324 on Acer Aspire One)
Le mercredi 25 mars 2009 à 06:54 -0700, Rick Spencer a écrit :
> But might not some apps keep very sensitive information in the > keyring? Well, you can't security storage and never enter a password so that's somewhat an user choice The main concern there seems to be the dialog asking to set a keyring password not the one to unlock the keyring though and we can try to address this one for jaunty Sebastien Bacher -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel |
Keyring password ( Installation report for UNR 20090324 on Acer Aspire One)
On Wed, Mar 25, 2009 at 02:12:44PM +0000, Matt Zimmerman wrote:
> Maybe we could create the keyring at install time when we have the password? I think that's the right choice here. I'm obviously biased towards security, but without a keyring password, the contents of are sitting on disk in the clear -- that's pretty nasty. I'm of the opinion that auto-login should not be allowed, but I realize I'm not going to see that go away. :) -- Kees Cook Ubuntu Security Team -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel |
Keyring password ( Installation report for UNR 20090324 on Acer Aspire One)
On Wed, Mar 25, 2009, Matt Zimmerman wrote:
> This seems perfectly reasonable to me; wifi passwords are not usually so > sensitive that they need to be encrypted on disk. (Long term non-jaunty: ) I think that's only ok if we shard the keyring-backed passwords into multiple keyrings and add a policy to store certain passwords in certain keyrings. e.g. wifi passwords in the optional non-password protected keyring. We could use the same trick as GConf which has a path of configuration repositories and uses the first writable one, but I think it would be more sensible to have a real policy similar to the policykit/consolekit policies. I don't think it's ok to plan to store all passwords in a non-protected keyring, that gives a false sense of security. -- Loïc Minier -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel |
Keyring password ( Installation report for UNR 20090324 on Acer Aspire One)
Le mercredi 25 mars 2009 à 14:12 +0000, Matt Zimmerman a écrit :
> On Wed, Mar 25, 2009 at 01:53:19PM +0000, Sebastien Bacher wrote: > The dialog asks them to set a new password. The right thing to do is for > them to simply enter their login password, but that is not clear. See the > attached screenshot. > > Maybe we could create the keyring at install time when we have the password? Right, I think that would be a good idea and fix the confusion about this dialog, we would still have users annoyed to get any password prompt at all though Cheers, Sebastien Bacher -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel |
| All times are GMT. The time now is 03:20 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.