After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 649816 - Disabled accounts can be set to autologin
Disabled accounts can be set to autologin
Status: RESOLVED FIXED
Product: gnome-control-center
Classification: Core
Component: User Accounts
3.0.x
Other All
: Normal minor
: ---
Assigned To: Control-Center Maintainers
Control-Center Maintainers
: 649814 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2011-05-09 17:12 UTC by Christoph Wickert
Modified: 2011-09-30 12:39 UTC
See Also:
GNOME target: ---
GNOME version: 2.91/3.0

Attachments
users: prevent autologin for disabled users (2.23 KB, patch)
2011-08-25 16:43 UTC, Matthias Clasen 		committed Details | Review

Description Christoph Wickert 2011-05-09 17:12:21 UTC 
Description of problem:
Disabled accounts can be set to log in automatically.

Version-Release number of selected component (if applicable):
control-center-3.0.1.1-4.fc15

How reproducible:
always

Steps to Reproduce:
1. 'System settings' -> 'User Accounts' -> Add user
2. By default the account is disabled until you enter a password (see bug 703216)

Actual results:
Although the account is disabled it can be set to automatic login. This results in no login the next time you start GDM

Expected results:
1. The autologin option should not be available for disabled accounts
2. Automatic login should be possible without passwords.
Comment 1 Bastien Nocera 2011-06-10 16:25:46 UTC 
Bug 703216?
Comment 2 Bastien Nocera 2011-06-10 16:26:23 UTC 
Never mind, it's bug 649814
Comment 3 Christoph Wickert 2011-06-11 00:01:06 UTC 
Yes, bug 649814 is the correct one. Sorry for the typo.

Bug 649814 is about accounts without password that cannot be enabled.
This bug is about accounts that can be set to auto login although they are disabled.
Comment 4 Christoph Wickert 2011-07-17 21:59:31 UTC 
*** Bug 649814 has been marked as a duplicate of this bug. ***
Comment 5 Christoph Wickert 2011-07-17 22:04:27 UTC 
Ok, as Philippe pointed out in bug 649814 the two bugs were indeed related.

Right after creation of an account the field "Password" reads "This account is disabled" (instead of "None" which is correctly displayed later), so *enabling* the account is seems logical. However disabling or enabling an account has
*nothing* to do with the password. Even if you disable an account the password
remains the same.

This being said the disable/enable option should not be in the password dialog
but in the accounts dialog. It should be a slider below "Password" and above
"Automatic login". Automatic login should then only be greyed out and only become available if the account is really enabled. This would fix this bug and avoid confusion as in bug 649814.

Does this make sense?
Comment 6 Matthias Clasen 2011-08-25 16:43:55 UTC 
The following fix has been pushed:
64419bf users: prevent autologin for disabled users
Comment 7 Matthias Clasen 2011-08-25 16:43:58 UTC 
Created attachment 194715 [details] [review]
users: prevent autologin for disabled users

gdm can't handle this currently, so prevent this situation
from happening. Forcibly turning off the autologin when an
account is disabled is a slightly odd side-effect, but
good enough in practice.
Comment 8 Sebastien Bacher 2011-09-30 12:39:44 UTC 
The issue seems to still be there in 3.2.0...