Unfortunately, I copied my kdmrc file from a kde3 installation which most certianly does store clear text passwords in the file. Perhaps kde4 has fixed this.
brad On 1/23/09, Terence Simpson <[email protected]> wrote: > As far as I can tell, no passwords are stored in kdmrc (at least in > KDE4), even with Auto-Login and/or Password-less Login features enabled. > Can you provide an example of this happening? (Obviously without > disclosing any passwords on your system) > > ** Changed in: kdebase (Ubuntu) > Status: Confirmed => Incomplete > > -- > /var/run/kdm/kdmrc world readable w/ passwords > https://bugs.launchpad.net/bugs/260922 > You received this bug notification because you are a direct subscriber > of the bug. > > Status in "kdebase" source package in Ubuntu: Incomplete > > Bug description: > Binary package hint: kdebase > > /etc/init.d/kdm runs genkdmconf to create (among other things) > /var/run/kdm/kdmrc as a copy of /etc/kde3/kdm/kdmrc. If autologin is used, > these files will both contain user passwords in plain text. They must not > be world readable. But even if you 'chmod 600 /etc/kde3/kdm/kdmrc' the copy > created by /etc/init.d/kdm at boot time is world readable! > > To fix this apply the attached patch to /etc/init.d/kdm. > > > brad > P.S. The same patch (give or take a few line numbers) could probably also > be applied to /etc/init.d/kdm-kde4. > > > ProblemType: Bug > Architecture: i386 > Date: Sun Aug 24 12:51:23 2008 > DistroRelease: Ubuntu 8.04 > Package: kdm 4:3.5.9-0ubuntu7.3 > PackageArchitecture: i386 > SourcePackage: kdebase > Uname: Linux 2.6.24-19-generic i686 > -- /var/run/kdm/kdmrc world readable w/ passwords https://bugs.launchpad.net/bugs/260922 You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kdebase in ubuntu. -- kubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
