Bug 19188

Summary: sddm should not remember last username who logged in (at least in secure mode)
Product: Mageia Reporter: David Walser <luigiwalser>
Component: RPM PackagesAssignee: KDE maintainers <kde>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: cae, doktor5000, mageia
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
See Also: https://bugs.mageia.org/show_bug.cgi?id=19611
Whiteboard:
Source RPM: msec CVE:
Status comment:

Description David Walser 2016-08-12 18:49:00 CEST 
Our default SDDM theme doesn't show a user list, which is good, at least for secure environments where you don't want to disclose the names of valid users.  Unfortunately, it does always remember the last user who logged in and automatically fill the user name field.

I know this can be convenient for less secure cases, but those cases would be better served with a theme that does show the user list.  At least in msec secure mode, it should not be showing any user names.
David Walser 2016-08-12 18:49:08 CEST

CC: (none) => doktor5000

Comment 1 Charles Edwards 2016-08-12 20:38:57 CEST 
I do not have a horse in the race and could work with either default but I do not really see a need to change it.

If user|administrator, for added security, wishes last user not to be displayed.
Set 'RememberLastUser=false' in /etc/sddm.conf

It just seems odd to me that we still allow systems to be set-up for autologin but then say we are causing unnessassary security issues by allowing sddm to remember last user.

CC: (none) => cae

Comment 2 David Walser 2016-08-12 20:41:42 CEST 
Thanks Charles, so msec just needs to add that opton to sddm.conf.  Bugs like this exist because msec's sddm integration hasn't been written AFAIK.  It still only works with kdm and other DM's that have existed longer.

No need to think it's odd.  We support multiple different use cases.

Source RPM: sddm-0.13.0-6.mga6.src.rpm => msec

Samuel Verschelde 2016-08-25 16:23:52 CEST

Assignee: mageia => kde

papoteur 2016-10-17 19:22:07 CEST

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=19611

Comment 3 Mageia Robot 2016-10-23 13:32:59 CEST 
commit 5ed5287f56339f39e36aa50ed5e081fec58ef6a8
Author: Papoteur <papoteur@...>
Date:   Sun Oct 23 10:20:26 2016 +0200

    manage RememberLastUser in sddm.conf according to allow_user_list (mga#19188)
---
 Commit Link:
   http://gitweb.mageia.org/software/msec/commit/?id=5ed5287f56339f39e36aa50ed5e081fec58ef6a8
Comment 4 Nicolas Lécureuil 2017-03-21 09:50:28 CET 
closing as fixed by commit 5ed5287f56339f39e36aa50ed5e081fec58ef6a8

Status: NEW => RESOLVED
CC: (none) => mageia
Resolution: (none) => FIXED