Created attachment 126087: patch
Comment on attachment 126087: patch

Review of attachment 126087:
-----------------------------------------------------------------

makes sense to me, and sorry for the delay.

I think we should be specific with the action name, though. since really org.freedesktop.accounts.change-own-user-data could be just as restricted, depending on the policy, having org.freedesktop.accounts.change-own-user-data and org.freedesktop.accounts.change-own-user-data-restricted isn't super clear.

::: data/org.freedesktop.accounts.policy.in @@ +17,4 @@ > </defaults> > </action> > > + <action id="org.freedesktop.accounts.change-own-user-data-restricted">

so i'm going to call this org.freedesktop.accounts.change-own-password. Though at some point we may want to go really fine grained, and do something that could facilitate globs... say

org.freedesktop.accounts.user.set-password
org.freedesktop.accounts.user.set-language
org.freedesktop.accounts.administrator.set-password
org.freedesktop.accounts.administrator.set-automatic-login

etc etc. we'll save that for another day...
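Review bot: the id on the `+` line, org.freedesktop.accounts.change-own-user-data-restricted, differs from the existing change-own-user-data action only by a suffix that describes a policy outcome rather than the operation being authorized. Administrators' local polkit rules match on this string, so the name should be settled on an operation-specific id before it ships; renaming it afterwards would leave any override written against the old id matching nothing.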
Thanks

pushed to ssh://git.freedesktop.org/git/accountsservice
   9fdd1d9..1b91ffc  master -> master
so one thing I didn't quite think about this morning, but remembered at lunch is the rules are different for what passwords are allowed. If we let the user do this without a password we should really enforce the policy rules for passwords. For now i'm going to set the policy by default to auth_admin, effectively reverting this behavior (but still letting admins set it in their own deployment). I think we'll probably need to go through PAM if we want to allow a user to change his own password, so we follow the same rules as the passwd command etc. That's going to probably require a different looking interface than SetPassword, since it entails an interactive conversation between the caller and the authentication system.
commit ccd8388dd026c390667d7bfc6744a730d951166d
Author: Ray Strode <rstrode@redhat.com>
Date:   Fri Aug 18 12:41:59 2017 -0400

    data: require an administrator password to change own password

    We need to enforce this, because otherwise we're allowing the
    user to bypass password sanity enforcement rules.

    This commit changes the newly added change-own-password action
    to be auth_admin.
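A check for the concern in the commit above, as an added example that is not part of the thread or of accountsservice: it parses a polkit .policy file and reports any action matching a glob whose defaults let the caller through without an administrator authenticating. The sample policy, the `audit` function name and the treatment of absent elements as "no" are assumptions of the example, and it reads only the .policy defaults, not local rules that override them.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Implicit authorizations that let the caller proceed without an
# administrator authenticating.
WITHOUT_ADMIN = {"yes", "auth_self", "auth_self_keep"}
SCOPES = ("allow_any", "allow_inactive", "allow_active")

# Constructed sample in the .policy layout; the values are made up for the
# example and are not the project's shipped defaults.
SAMPLE_POLICY = """\
<policyconfig>
  <action id="org.freedesktop.accounts.change-own-user-data">
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.freedesktop.accounts.change-own-password">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

def audit(policy_xml, id_glob):
    """Return (action id, scope, value) for each default that skips admin auth."""
    root = ET.fromstring(policy_xml)
    matched = [a for a in root.iter("action")
               if fnmatch.fnmatchcase(a.get("id", ""), id_glob)]
    if not matched:
        # Report a glob that matches nothing instead of passing silently.
        return [(id_glob, None, "no matching action")]
    findings = []
    for action in matched:
        for scope in SCOPES:
            # Assumption of this example: an absent element counts as "no".
            value = (action.findtext(f"defaults/{scope}") or "no").strip()
            if value in WITHOUT_ADMIN:
                findings.append((action.get("id"), scope, value))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY, "*.change-own-password"):
        print(finding)
```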
so i'm going to call this org.freedesktop.accounts.change-own-password. Though at some point we may want to go really fine grained, and do something that could facilitate globs... say

org.freedesktop.accounts.user.set-password
org.freedesktop.accounts.user.set-language
org.freedesktop.accounts.administrator.set-password
org.freedesktop.accounts.administrator.set-automatic-login

etc. we'll save that for another day...

Ray Strode [halfline] <rstrode@redhat.com>
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/17.