Authentications in Ubuntu
What is this session about?
In this session we will discuss authentication customization on a user, system and deployment level.
What are some issues that currently exist within the realm of authentications?
- Polcykit GUI : There is currently no simplified utility to customize policies
- GNOME Keychain: Upgrading, changing passwords, encrypted wifi requires passphrase if autologin
- Timeout: For every administrative utility used authentication is required. There is a demand for time-based caching (like sudo does) as we are currently requesting that users enter passwords too often.
- Software Center: Password is asked too often (install then remove, install applications in sequence)
- Policykit security flaw: Dialog doesnt block out the entire screen. Can cause unwanted exposing of the password.
Who should attend this session?
- Ubuntu users and developers concerned about policykit authentication issues present in the last few releases.
- Developers with the experience and interest in policykit.
- Ubuntu security team.
[mpt] Design an interface for configuring PolicyKit privileges across user accounts and across machines, publish it and invite implementation: TODO
[repete] Talk with Canonical Corporate Services about whether they want to implement the interface for configuring PolicyKit privileges: TODO
[robert-ancell] rework the keyring creation dialog to be less confusing and only list secure and unsecure options: TODO
[seb128] talk to gnome-keyring upstream about unlocking all pending authentification requests when a password is entered in any of those: TODO
[mpt] Check and report bug about USC using separate permissions for install vs. remove: TODO
[mpt] Design integration of user account icon into the PolicyKit dialog: TODO
[robert-ancell] Implement the design of the user account icon in the PolicyKit dialog: TODO
== UDS session notes ==
Policykit GUI : There is currently no simplified utility to customize policies
- PolicyKit upstream is against something as complex as policykit-1's "Authorizations" window
- command-line interface is available, but too hard to use for many customers
- "hire a consultant!"
- Landscape is a possibility, but is expensive if this is all you want to do with it
GNOME Keychain: Upgrading, changing passwords, encrypted wifi requires passphrase if autologin
- Now, if you use Users & Groups to change your password, it will change your keyring password too
- previously, this didn't work
- fix this for people upgrading (e.g. patch gnome-keyring)
- The first time you connect to encrypted wi-fi, you're asked to set up a keyring
- if you cancel, it will use unsafe storage
- Two dialog boxes are shown, with "Cancel" button meaning use unsafe storage. Dialogs should be combined with clear buttons.
- some people want to log in to Ubuntu automatically, but still encrypt their wi-fi password
Timeout: For every administrative utility used authentication is required. There is a demand for time-based caching (like sudo does) as we are currently requesting that users enter passwords too often.
- If you log in to Ubuntu automatically, multiple applications may ask for your keyring password simultaneously
- Authenticating once doesn't clear the other authentication requests
Software Center: Password is asked too often (install then remove, install applications in sequence)
- Currently asks for password again if you uninstall something while installing something else
- Policykit security flaw: Dialog doesn't block out the entire screen. Can cause unwanted exposing of the password.
-- Should implement auto locking the screen. No focus change and no keyboard cathing change. Something like UAC in Windows Vista.
- this is the worst case of focus-stealing, can be reduced the same ways as other focus stealing
- one solution: make the PolicyKit prompt system-modal
- drawback: prevents referring to other applications (e.g. browser, IM) while prompt is up
- another solution: add an API to PolicyKit so the prompt can be modal to its parent window
- drawback: upstream is hostile to this solution
- Someone said that he had seen a presentation when someone entered the password to the wrong window and the audience had seen it.
-- Solution maybe?: When a PolicyKit window appears, the computer should disable output on the other screen
-- Solution maybe? - edit: Or does not disable the output, but freeze it (so anything entered while the window is there will not be aviable on other screens)
Making PolicyKit look more genuine
- integrate user account icon into the prompt
- its efficacy depends on people setting their own user account icon
- e.g. taking a photo, or choosing from an icon gallery, in the Ubuntu installer
-- what about people with computers not having integrated/
- if the user does not set their icon, we can have a template default icon in the prompt
- We could also simply choose a random one during installation or offer one when they select their user info (username, etc)
What programs are still using gksu?
- Software Sources
- this would require porting gparted to DBus (e.g. udisks)
- Palimpsest already does this
- maybe just improve palimpsest instead?
- The window we enter the wireless key into (this is a question, please correct me if I'm wrong!!)?
- no, neither NetworkManager nor gnome-keyring use gksu
If we can port or demote these, we can get gksu off the CD