Created attachment 126087 [details] [review]
Comment on attachment 126087 [details] [review]
Review of attachment 126087 [details] [review]:
makes sense to me, and sorry for the delay. I think we should be specific with the action name, though. since really org.freedesktop.accounts.change-own-user-data could be just as restricted, depending on the policy, having org.freedesktop.accounts.change-own-user-data and org.freedesktop.accounts.change-own-user-data-restricted isn't super clear.
@@ +17,4 @@
> + <action id="org.freedesktop.accounts.change-own-user-data-restricted">
so i'm going to call this org.freedesktop.accounts.change-own-password. Though at some point we may want to go really fine grained, and do something that could facilitate globs... say
etc etc. we'll save that for another day...
Thanks pushed to ssh://git.freedesktop.org/git/accountsservice
9fdd1d9..1b91ffc master -> master
so one thing I didn't quite think about this morning, but remembered at lunch is the rules are different for what passwords are allowed. If we let the user do this without a password we should really enforce the policy rules for passwords.
For now i'm going to set the policy by default to auth_admin, effectively reverting this behavior (but still letting admins set it in their own deployment).
I think we'll probably need to go through PAM if we want to allow a user to change his own password, so we follow the same rules as the passwd command etc.
That's going to probably require a different looking interface than SetPassword, since it entails an interactive conversation between the caller and the authentication system.
Author: Ray Strode <firstname.lastname@example.org>
Date: Fri Aug 18 12:41:59 2017 -0400
data: require an adminstrator password to change own password
We need to enforce this, because otherwise we're allowing the
user to bypass password sanity enforcement rules.
This commit changes the newly added change-own-password action to
jadi saya akan memanggil org.freedesktop.accounts.change-own-password ini. Meskipun pada titik tertentu kita mungkin ingin berbutir halus, dan melakukan sesuatu yang dapat memfasilitasi globs ... katakan
dll. kita akan menyimpannya untuk hari lain ...
Ray Strode [garis batas] <email@example.com>
-- GitLab Migration Automatic Message --
This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.
You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/17.