[kde-freebsd] issues with most recent KDE

Mikhail T. mi+metlife at aldan.algebra.com
Wed Jul 11 16:58:34 CEST 2007 

Michael Nottebrock wrote:
> The nice gui really does nothing but let kdm use a different pam service for 
> those users selected for passwordless logins.
>   
The nice GUI puts the proper NoPasswordUserList=... into kdmrc. If kdm 
(mis)interprets that as a need to look for some other (nonexistant!) PAM 
config file, that's a bug in KDM...
> As for automatically installing the service definition: There is no mechanism 
> in ports to automatically do this, doing it in the port would be quite ugly 
> and intrusive (I don't think any port should diddle with anything 
> in /etc/pam.d, much less a kde port) and finally, passwordless convenience 
> logins and a pam service definition that doesn't check passwords are such a 
> security hazard that I reckon it's okay to give users who really want to use 
> it anyway the bit of extra trouble to look at the FAQ. :)
>   
This is a generally paternalistic view. It is also wrong in this 
particular case. KDM, which does not even listen for remote connections 
by default is quite safe.

There is also the question of accounts, without passwords at all. KDM 
rejects such users, even when told not to. So does sshd. Amending sshd's 
behavior is easy -- set PermitEmptyPasswords in /etc/ssh/sshd_config. 
Amending kdm's is undully difficult. Does Linux come with kdm-np PAM entry?
>>>> 	   Even if the user clicks "Forever", they still get prompted
>>>> 	   next time kmail is started.
>>>>         
>>> Sounds like kded isn't running - if you have the klaptopdaemon port
>>> installed,
>>>       
>> Mmm, this is not a laptop. I don't know, what kded nor klaptopdaemon
>> are... Again, this is a new install of KDE from ports.
>>     
>
> Actually, I'm not so sure anymore if this is kded/kwallet issue, but anyway: I 
> *think* that certificate acceptance settings are stored in a user's kwallet 
> (along with account passwords), so make sure you have kwallet set up.
This user's account does not have wallet configured, that's true. KMail 
even issues due warnings about storing e-mail account password outside 
of wallet. However, in case of the certificate there is no 
warning/question about wallet... It simply asks "Forever" or "For now" 
and even if you pick "Forever", it will ask again, the next time it 
needs to (re)establish to connection.

Yours,

    -mi

More information about the kde-freebsd mailing list