https://bugs.kde.org/show_bug.cgi?id=463863
Bug ID: 463863
Summary: kcm-user modifies /etc/shadow on its own instead of calling PAM
Classification: Applications
Product: systemsettings
Version: 5.26.4
Platform: Archlinux
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: kcm_users
Assignee: plasma-b...@kde.org
Reporter: joseskvo...@gmail.com
CC: uhh...@gmail.com
Target Milestone: ---

SUMMARY

KCM User Settings writes to /etc/shadow directly on its own, which makes KDE ignore the system's PAM customizations.

https://github.com/KDE/kcm-userconfig/blob/master/authdb/pwd.py

A user may have to change the steps the system has to do to change passwords. They may change how many rounds the system has to do to generate a hash, or even execute a function to synchronize the password with cryptographic features such as fscrypt. KDE ignores pam.d customizations by modifying /etc/shadow on its own, which may be very risky, from minor issues to critical ones, such as data loss when using a PAM-synchronized encrypted filesystem in the case the user lost their backup key.

STEPS TO REPRODUCE

It will depend on your settings, so compare the behaviour when changing your password by using passwd and KDE System Settings.

I've noticed this by trying to synchronize my password with my fscrypt encrypted home, and trying to change it through KDE. While passwd does synchronize it, KDE doesn't.

OBSERVED RESULT

KDE System Settings rebels against pam.d customizations and sets the user passwords on its own.

EXPECTED RESULT

It should call a system API to change the user password through PAM.

SOFTWARE/OS VERSIONS

Linux/KDE Plasma: Arch Linux. Kernel 5.18.86-lts x86_64
KDE Plasma Version: 5.26.4
KDE Frameworks Version: 5.101.0
Qt Version: 5.15.7
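An added illustration (not part of the bug report and not KDE's code): a Python sketch that parses a pam.d service file and lists the `password` stack entries, such as `pam_fscrypt.so` or `pam_unix.so` options like `rounds=`, that a tool writing /etc/shadow directly never runs. The sample file contents and all function names are assumptions made for this example; `include` targets are reported but not followed.

```python
import re

# Constructed sample of /etc/pam.d/passwd; not taken from the bug report.
SAMPLE_PAM_PASSWD = """\
#%PAM-1.0
auth      include   system-auth
password  requisite pam_pwquality.so retry=3
password  required  pam_unix.so sha512 shadow \\
          rounds=100000 use_authtok
password  optional  pam_fscrypt.so
-password [success=ok default=ignore] pam_systemd_home.so
password  include   system-auth   # rules kept in another file
"""

# [-]type   control or [bracketed control]   module   arguments...
RULE = re.compile(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")


def logical_lines(text):
    """Yield rules with comments removed and backslash continuations joined."""
    pending = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        line, pending = (pending + line).strip(), ""
        if line:
            yield line


def password_stack(text):
    """Return (control, module, args) for each 'password' rule in a pam.d file."""
    matches = (RULE.fullmatch(line) for line in logical_lines(text))
    return [(m[2], m[3].rsplit("/", 1)[-1], m[4].split())
            for m in matches if m and m[1].lower() == "password"]


def skipped_by_direct_write(text):
    """Summarise what a tool that edits /etc/shadow itself never runs."""
    skipped = {"hooks": [], "pam_unix_options": [], "includes": []}
    for control, module, args in password_stack(text):
        if control in ("include", "substack"):
            skipped["includes"].append(module)  # other file, not followed here
        elif module == "pam_unix.so":
            skipped["pam_unix_options"] += args  # e.g. hash type and rounds=
        else:
            skipped["hooks"].append(module)  # e.g. fscrypt key re-wrapping
    return skipped
```

Calling `skipped_by_direct_write()` on the contents of a real service file gives a quick inventory of what to verify after any password change made outside `passwd`.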