allow users to use their account password for `ondevice login` #19

Closed
mreithub opened this Issue Dec 4, 2017 · 1 comment

@mreithub
Member

mreithub commented Dec 4, 2017

if users use their account password for ondevice login, an auth key (probably with the manage role) should be created for them.

For that to work:

  • the API servers need to add support for requests to the /keyInfo
  • the client completely relies on the server to tell it the difference between the two cases.
  • ondevice login should print a warning (discouraging people from using their account password in scripts).
  • this should NOT work in the config assistant of debian's ondevice-daemon package (we don't want debian to store the password in plain text)

Obviously the client would not store that password, but the secret key the server creates in that case.

Oh, and since older versions of ondevice don't have support for storing a server-provided secret instead of the one the user entered, we need to find a way for old clients to fail gracefully.

The "server sends the client a warning or error" feature might be used in the future to send other messages to the client.

@mreithub mreithub added this to the v0.6 milestone Dec 4, 2017
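A model of the login flow sketched in the issue above, added here as an example; it is not code from the issue or from the ondevice project. The request and response fields (`key_id`, `secret`, `roles`, `warning`, `error`), the `client_version` and `allow_password` request parameters, the in-memory account store and the `kid-N` key identifiers are all assumptions. It shows the four points in one place: the server decides which case applies, the client persists the server-minted secret rather than the password, a warning comes back with it, and both an old client and the daemon's config assistant are refused before any key is created.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed sample data for the mock server (not real accounts or keys).
ACCOUNTS = {
    "alice": {
        "password": "correct horse battery staple",
        "keys": {"kid-1": "s3cret-one"},
    },
}

PASSWORD_WARNING = (
    "You logged in with your account password; a new auth key was created and "
    "stored instead. Do not use your account password in scripts."
)


def key_info(user: str, secret: str, client_version: int, allow_password: bool) -> dict:
    """Hypothetical server side of the /keyInfo request.

    Decides whether `secret` is an existing auth key or the account password and
    tells the client which case applies. Plaintext password comparison is only
    for the demo; a real server would verify a password hash.
    """
    acct = ACCOUNTS.get(user)
    if acct is None:
        return {"error": "invalid credentials"}
    for kid, key_secret in acct["keys"].items():
        if hmac.compare_digest(key_secret, secret):
            return {"key_id": kid}  # user entered an auth key: nothing to mint
    if not hmac.compare_digest(acct["password"], secret):
        return {"error": "invalid credentials"}
    # Account password. Refuse the cases the issue rules out before minting anything,
    # so a rejected login leaves no orphaned key behind.
    if not allow_password:  # e.g. the debian config assistant (assumed flag)
        return {"error": "account passwords are not accepted here; create an auth key"}
    if client_version < 2:  # assumed: old clients cannot store a server-provided secret
        return {"error": "this client cannot store a server-provided key; upgrade ondevice"}
    kid = f"kid-{len(acct['keys']) + 1}"
    new_secret = secrets.token_urlsafe(24)
    acct["keys"][kid] = new_secret  # new key, assumed to carry the manage role
    return {"key_id": kid, "secret": new_secret, "roles": ["manage"], "warning": PASSWORD_WARNING}


@dataclass
class LoginResult:
    key_id: Optional[str] = None
    secret: Optional[str] = None  # what `ondevice login` would persist
    warning: Optional[str] = None
    error: Optional[str] = None


def login(user: str, entered: str, client_version: int = 2, allow_password: bool = True) -> LoginResult:
    """Client side: never decides locally whether `entered` was a password; it
    stores whichever secret the server says applies and surfaces any warning."""
    resp = key_info(user, entered, client_version, allow_password)
    if "error" in resp:
        return LoginResult(error=resp["error"])
    if "secret" in resp:
        # Server minted a key: persist its secret, never the password the user typed.
        return LoginResult(key_id=resp["key_id"], secret=resp["secret"], warning=resp.get("warning"))
    return LoginResult(key_id=resp["key_id"], secret=entered)


if __name__ == "__main__":
    print(login("alice", "s3cret-one"))
    print(login("alice", "correct horse battery staple", client_version=1))
    print(login("alice", "correct horse battery staple", allow_password=False))
    print(login("alice", "correct horse battery staple"))
```

The client deliberately has no way to tell a key from a password on its own; if the server's answer lacks a `secret` field, the client keeps what the user typed, which is exactly why an old client must be told to fail rather than be left to store the password.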

@mreithub


Member

mreithub commented Jan 28, 2018

A little update:

I'm thinking about making this a won't fix (at least for now).

The reason is that ondevice-daemon on debian stores the login info in debconf.
There seem to be ways around that (fetch, login, clear), but the complexity of that seems a bit out of scope for now.

Pure device keys (i.e. without any connect/... permissions) are considered nonsensitive information, so storing them in plaintext in debconf (or anywhere else for that matter) is relatively unproblematic.

(there are plans to store them more securely at a later time)

For now I've opted to simply add info texts to ondevice login and debconf (telling users not to use their account password).
Also, the first steps in the control panel point very clearly in that direction.

@mreithub mreithub closed this Jan 28, 2018
