Announcement

Collapse
No announcement yet.

Fedora 32 Might Disallow Empty Passwords For Local Users By Default

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by starshipeleven View Post
    WTF are you talking about, most distros allow to set an empty password.
    And Fedora will continue to do so... you'll just have to make a small change to the default PAM config first. Presumably on the basis that anyone incapable of re-enabling blank passwords shouldn't be encouraged to use them.

    Comment


    • #22
      Originally posted by andyprough View Post
      I fail to see the security value, since regular low-info home users don't use Fedora.
      I fail to see regular low-info home users *installing* any Linux. But using after having it set up? Sure. My mom, dad, cousin, do use Fedora on their laptops just fine. Regular low-info home users just need KDE, web browser, printer and usb for digital camera working.
      And there, user accounts are only for identification (bookmarks sync, web pages logins, cookies selection), not authorisation, so passwords are not necessary.
      Last edited by reavertm; 27 November 2019, 05:46 AM.

      Comment


      • #23
        At home there's my account with a strong password and a guest account without password (I'm using fedora).

        Comment


        • #24
          Originally posted by patrakov View Post

          Not exactly. The password is needed for sudo and for pkexec.
          Realistically, no power user would go without a password. It's for kids and grannies and similar users. You don't want them to be able to sudo anyway.

          Comment


          • #25
            Originally posted by starshipeleven View Post
            You can set empty password in Windows. Does not mean you are running as Administrator, as to do that it will still prompt you to confirm elevation of privilege.
            You can already achieve this under Linux with polkit. I believe the next version of GNOME will even support just clicking "Accept" or "Deny" for users without passwords.

            The reaction to this has been negative, imho a better solution is if a user has no password, disallow usage of su and sudo. rely on polkit for any elevated actions.
            Last edited by Britoid; 27 November 2019, 06:10 AM.

            Comment


            • #26
              Originally posted by Danny3 View Post
              No wonder Linux has a less than 1% market share with stupid decision in the name of security!
              How about letting the user choose what he / she wants and stop assuming that the user is an idiot ?
              I intentionally put a very short and weak passord because I'm tired to fucking write it 100 times a day as Linux distro ask for it for even the most basic things.
              Being asked for the password in a virtual machine is even more insane!
              The whole Linux security model is really screwed up and these security enhancement that just annoy the user makes it even worse.
              macOS doesn't let you set an empty password either. No wonder it has less than 1% market share with stupid decision in the name of security!

              OH WAIT...
              Last edited by Vistaus; 27 November 2019, 01:10 PM.

              Comment


              • #27
                Originally posted by starshipeleven View Post
                You can set empty password in Windows. Does not mean you are running as Administrator, as to do that it will still prompt you to confirm elevation of privilege.
                No, you can REMOVE a user password in Windows. That's NOT the same as having an empty password by default as Linux usually allows.

                Comment


                • #28
                  Originally posted by Vistaus View Post
                  No, you can REMOVE a user password in Windows. That's NOT the same as having an empty password by default as Linux usually allows.
                  You can install Windows and not write any password when you create your user, and after installation it will not ask for a password and autologin. Works from WinXP to Win10.

                  This is EXACTLY what most Linux distros also do.

                  Comment


                  • #29
                    Originally posted by reavertm View Post

                    I fail to see regular low-info home users *installing* any Linux. But using after having it set up? Sure. My mom, dad, cousin, do use Fedora on their laptops just fine. Regular low-info home users just need KDE, web browser, printer and usb for digital camera working.
                    And there, user accounts are only for identification (bookmarks sync, web pages logins, cookies selection), not authorisation, so passwords are not necessary.
                    as long as they are ok with anyone else in the family to be able to see their mail and what porn they fapped at. I can understand basic crappy passwords, but no passwords seems a bit too "I have nothing to hide" for me.

                    Comment


                    • #30
                      Originally posted by starshipeleven View Post
                      You can install Windows and not write any password when you create your user, and after installation it will not ask for a password and autologin. Works from WinXP to Win10.

                      This is EXACTLY what most Linux distros also do.
                      Does not work that way on Windows 10 (not sure about earlier versions, I'm gonna give you the benefit of doubt there).

                      Comment

                      Working...
                      X