storing password as plain text is not secure
Bug #977524 reported by
Pavol Klačanský
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Landscape Client |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Hi, after browsing gsettings with dconf-editor I have found that my password is stored as plaintext.
I would prefer store it in keyring (I have encrypted home, it is more cleaner to use keyring)
Thanks
To post a comment you must log in.
Just a note: this is what we call the "account password", and only controls access to computer registration *requests*. It's not the administrator's login password.
If your landscape account (not login: the *account*, like company name) is set to require a password (see "account settings"), then computers will only be able to *request* registrations if they use this password.
With or without a password, all computer registration requests become pending computers and need explicit administrator approval in order to be accepted. There is no automatic registration except for the LDS case, which is a different thing.
If you have an account password and the requesting computer didn't supply it, then it won't even become a pending computer. If the password was supplied correctly, or if there is no password for the account, then the requesting computer will become a pending computer also.