Bug 237920

Summary: Yast requires set of user passwords during openSUSE setup - plz make it non mandatory
Product: [openSUSE] openSUSE 10.3 Reporter: Alexey Eremenko <al4321>
Component: YaST2Assignee: Jiří Suchomel <jsuchome>
Status: RESOLVED WONTFIX QA Contact: Jiri Srain <jsrain>
Severity: Enhancement    
Priority: P5 - None CC: kukuk
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Other   
Whiteboard:
Found By: Third Party Developer/Partner Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexey Eremenko 2007-01-23 19:33:51 UTC 
Do you know that during openSUSE install Yast *requires* you to set user-password?

It is simply wrong. Linux as a Free system should not force people to do that.

In addition to that Yast auto-setups auto-login, which anyways negates
the user-password effect.
Plus, for single user systems, (all home PCs) having a user password
won't improve security in any way.

I call to people: please make user-passwords during Yast SUSE setup
non-mandatory.
Comment 1 Jiří Suchomel 2007-01-24 15:03:13 UTC 
You do not have to setup auto-login. And you do not have to create user account.

But it is a default policy for SUSE Linux to require passwords for users.
Comment 2 Alexey Eremenko 2007-01-24 18:25:34 UTC 
The system should NOT force me to work this way, or that way!
It is completely unacceptable behavior!
Comment 3 Jiří Suchomel 2007-01-25 07:36:41 UTC 
Why?
What do you want to achieve?
Comment 4 Alexey Eremenko 2007-01-25 19:10:16 UTC 
Look: on a single-user computer (at Home), where I trust all members, a root password has big impact of security (agains malware) - I don't ask to cancel that.

But in addition to root password, Yast requires you to create a user password.

It is a false sense of security, because on a single-user machine, that user is always logged in, therefore it is the same if there is a user password, or no password (passwordless user account).

Because user account password on a single-user system (at Home) doesn't add to the system security, I wish to be able to install a SUSE system passwordless.

Now you are *forced to* type at least 3 things during SUSE setup: root-password, user-name and user-password. I wish to decrease this number to 2: root-password and user-name. This won't hurt Home Linux security in any way.
SUSE Linux allows this with "passwd" command or manual config file editing, but not in Yast.

This feature will make SUSE more user-friendly under home environments.
Please add it.
Comment 5 Jiří Suchomel 2007-01-26 09:05:40 UTC 
You can
1. not add new user during installation. Later you can run yast2 security and set the minimal password length to 0. Than you can add new user with empty password. Currently, yast2-users just behaves correctly as it follows the rules for password length.

2. You can add new user during installation and enable autologin - that way you don't have to care about password.
Comment 8 Alexey Eremenko 2007-01-26 09:35:19 UTC 
OK, but the setup process will be simpler if I could use passwordless user accounts. (by default having password-length 0)
I don't like the way that the setup forces me to do something this-or-that way.
I want to be able to control every part of it.
Comment 9 Thorsten Kukuk 2007-01-26 09:52:54 UTC 
Allowing passwordless accounts may be ok in your very specific situation, where the computer is _never_ reacheable from outside, means none of your computers will ever dial into the internet.

Allowing passwordless accounts will have the bad effect, that even users, who dial in will not use passwords and everybody can easyly hack their machines. This would give a very bad reputation for Linux. So we will not change this behavior.