Comment 15 for bug 307019

James Westby (james-w) wrote : Re: [Bug 307019] Re: ecryptfs Private directory not mounted after changing password in users-admin

On Thu Aug 27 22:36:16 UTC 2009 Milan Bouchet-Valat wrote:
> Yeah, I forgot that eCryptfs requires the real password to work. It also
> needs the old password BTW, so this will never work if the admin changes
> the password, since he's not likely to know the old one. Thus, I'm not
> sure it's worth using the backends at all. Ideally, D-Bus could provide
> us with a secure connection (why isn't that the case?); we could also
> use a pipe, should be possible but will require some work.

Well, pam can provide enough to ecryptfs for it to do its job, so going
through pam would buy us this, and much more as well.

I'm not sure about DBus, I think it can provide a connection with some
level of security, but I'm also leaning towards a pipe being the
best solution.

> If your goal is to get this fixed for Alpha 6, better go with a client-
> side solution. Just patch the GUI to call the required program.

That may be wise at this point.

> I'm planning to redesign the GUI in the next cycle, and I may well use
> something like the about-me dialog to change passwords, so that may help
> in the middle-term. In the long term, I'm not sure we really need to
> pass the clear password to the backends, since it would only be useful
> for eCryptfs, which does not fit in our authentication model since the
> admin needs the original password.

It's more than eCryptfs, it allows us to use pam, which is a necessity
in my eyes, having more than one thing handling all this stuff is going
to keep causing problems.

> I'd eventually go for a solution
> where eCryptfs is setuid so that anybody (here the GUI) can ask the user
> the old and change it if it's the right one. No need for other checks, I
> guess. If the admin changes the password on its own, eCryptfs should show
> a dialog on start asking for the old password so that it is then
> changed. Can you find something better?

I'm pretty certain that if we just pass the new password to pam then it
can do the rest. I believe that using "sudo passwd <user>" doesn't break
eCryptfs.

Thanks,

James