** Changed in: unity-control-center (Ubuntu)
Status: Triaged => Fix Committed
** Description changed:
+ * Impact
+ disabling accounts which are set to "log in without password" leads to users
still able to log in
+
+ * Test case
+ - use unity-control-center to configure an user password more to "log in
without password"
+ - change the mode to "desactivated"
+ - try to log in with that user
+
+ The user shouldn't be able to log in
+
+ * Regression potential
+ check that the different password modes work as they should
+
+ --------
+
If a user is set to login without a password and subsequently the
account is disabled, the user is not removed from the nopassword login
group. The result is that the user can still login even though the admin
has disabled to account.
This is a security issue and is present in 12.04, 13.10, and 14.04.
This stems from the failure to reset to the password mode away from
password_mode_none to password_mode_regular.
I have submitted a merge proposal to fix this at
https://code.launchpad.net/~echaskes/unity-control-center/fix-user-
password-dialog
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1314886
Title:
Changing user from no password login to disabled leaves user in no
password login group
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity-control-center/+bug/1314886/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
