We really don't have a way to have the packages installed but the service stopped/unavailable until the user needs it?

2014/1/5 Steve Langasek <[email protected]>

> On Sun, Jan 05, 2014 at 12:47:47PM -0500, Stéphane Graber wrote:
> > Ubuntu has a no open port by default policy at least for the Desktop
> > installation. If you look at a default Ubuntu Desktop system the only
> > exceptions you should see to that rule are the DHCP client (which needs
> > to listen on udp/68) and avahi-daemon (which needs to listen on
> > udp/5353).
>
> > So having samba installed and running by default isn't an option and
> > would be a potential security risk for millions of systems which do not
> > need the service at all anyway.
>
> > I think having nautilus prompt the user for those packages to be
> > installed is perfectly reasonable, having to restart the session however
> > seems a bit odd to me and shouldn't be a requirement.
>
> The requirement follows from the fact that CIFS shares require a different
> password hash to be available on the server system for authentication than
> the one used by default in /etc/shadow, and while the permissions on the
> file managed by libpam-smbpasswd are secure, the NTLM hashes are strictly
> weaker than the hashes used for /etc/shadow, which exposes users to greater
> risk of password cracking if the database is stolen. So since these hashes
> are not generated until the user opts in to CIFS sharing through nautilus
> (changing their PAM config), the session logout/login is unavoidable.
>
> --
> Steve Langasek                   Give me a lever long enough and a Free OS
> Debian Developer                   to set it on, and I can move the world.
> Ubuntu Developer                                    http://www.debian.org/
> [email protected]                                     [email protected]
>

--
Pablo Almeida
http://www.google.com/profiles/pabloalmeidaff9

--
ubuntu-desktop mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop
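
Added example, not part of the thread or of any Ubuntu tooling: a check of `ss -H -lntu` output against the no-open-port policy described above, allowing only udp/68 and udp/5353. The sample output is constructed, and skipping loopback-bound listeners is an assumption of this example, not something the thread states.

```python
import ipaddress

# Exceptions named in the thread: DHCP client (udp/68), avahi-daemon (udp/5353).
ALLOWED = {("udp", 68), ("udp", 5353)}

# Constructed sample of `ss -H -lntu` output (not captured from a real system).
# 137/udp, 139/tcp and 445/tcp are the standard NetBIOS/SMB ports a running
# Samba server would open.
SAMPLE_SS_OUTPUT = """\
udp   UNCONN 0      0            0.0.0.0:68         0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0               [::]:5353          [::]:*
udp   UNCONN 0      0            0.0.0.0:137        0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      50           0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      50              [::]:139           [::]:*
"""

def split_local(field):
    """Split ss's 'Local Address:Port' column into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    return addr, int(port)

def is_loopback(addr):
    if addr == "*":  # ss prints '*' for a dual-stack wildcard bind
        return False
    return ipaddress.ip_address(addr).is_loopback

def policy_violations(ss_output, allowed=ALLOWED):
    """Return sorted (proto, address, port) for listeners outside the policy."""
    found = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5:  # Netid State Recv-Q Send-Q Local Peer
            continue
        proto = cols[0]
        addr, port = split_local(cols[4])
        # Assumption: loopback-only listeners are not network-exposed.
        if is_loopback(addr) or (proto, port) in allowed:
            continue
        found.add((proto, addr, port))
    return sorted(found)

if __name__ == "__main__":
    for proto, addr, port in policy_violations(SAMPLE_SS_OUTPUT):
        print(f"unexpected listener: {proto}/{port} on {addr}")
```

On a live system, pass the text returned by `ss -H -lntu` to `policy_violations` in place of the constructed sample.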
