storing password as plain text is not secure
Bug #977524 reported by
Pavol Klačanský
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Landscape Client |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
Hi, after browsing gsettings with dconf-editor I have found that my password is stored as plaintext.
I would prefer store it in keyring (I have encrypted home, it is more cleaner to use keyring)
Thanks
Revision history for this message
| Andreas Hasenack (ahasenack) wrote | #1 |
Revision history for this message
| Pavol Klačanský (pavolzetor-deactivatedaccount) wrote | #2 |
Revision history for this message
| Andreas Hasenack (ahasenack) wrote | #3 |
Revision history for this message
| 🤖 Landscape Builder (landscape-builder) wrote | #4 |
| Changed in landscape-client: | |
| status: | New → Invalid |
To post a comment you must log in.
Just a note: this is what we call the "account password", and only controls access to computer registration *requests*. It's not the administrator's login password.
If your landscape account (not login: the *account*, like company name) is set to require a password (see "account settings"), then computers will only be able to *request* registrations if they use this password.
With or without a password, all computer registration requests become pending computers and need explicit administrator approval in order to be accepted. There is no automatic registration except for the LDS case, which is a different thing.
If you have an account password and the requesting computer didn't supply it, then it won't even become a pending computer. If the password was supplied correctly, or if there is no password for the account, then the requesting computer will become a pending computer also.