------=_Part_45616_13229138.1216052324550

Content-Type: text/plain; charset=ISO-8859-1

Content-Transfer-Encoding: 7bit

Content-Disposition: inline
On Mon, Jul 14, 2008 at 6:13 PM, Kalle Happonen

wrote:
> thomasg wrote:

quoted text
> > On Mon, Jul 14, 2008 at 5:22 PM, arne anka  > > wrote:

> >

> >     > Of course you can create another user, as you are used to on any

> >     unix

> >     > system.

> >     > It just doesn't ship with one because the distro comes in

> >     ready-to-deploy

> >     > images, not with a installer like the binary-distro-people are

> >     used to.

> >

> >     sure? i think it possible that some things won't work when

> >     non-root ...

> >

> >

> > Of course some things won't work - if they would, there would be no

> > need for a special root account.

> > Basically all the tools someone would use without a terminal should

> > work (dialer, contacs, ...) no matter what stack is used.

> > The daemons that need root access run in background and can be

> > controlled by userspace-programs without root-access.

> >

> > If of course would take a loginmanager or similar to use a user with

> > password at startup, because currently the user root is automatically

> > logged in. Should be easy to "fix".

> Even running only critical things as root, and most stuff on a

> no-password unprivileged account would be better. But an user account

> with a password a would of course be better. The I'd say that the PIN

> could almost be saved somewhere, to avoid the need for a double log-in.

I had some thoughts about that, too.

Would be cool if it wasn't necessary to have a PIN at all - you enter the

PIN in the "first-run-wizard", that will store it.

After that you only have one password (of your choise) that does all - the

security daemon would lookup in a key/password-database and use your

password for all things, like decrypting the other containers (phonebook,

messages, e.g.), authing you on the network with the stored pin, unlocking

the phone screen, .....
------=_Part_45616_13229138.1216052324550

Content-Type: text/html; charset=ISO-8859-1

Content-Transfer-Encoding: 7bit

Content-Disposition: inline
On Mon, Jul 14, 2008 at 6:13 PM, Kalle Happonen <kalle.happonen@iki.fi> wrote:



thomasg wrote:


quoted text
> On Mon, Jul 14, 2008 at 5:22 PM, arne anka <openmoko@ginguppin.de


> <mailto:openmoko@ginguppin.de>> wrote:


>


>     > Of course you can create another user, as you are used to on any


>     unix


>     > system.


>     > It just doesn't ship with one because the distro comes in


>     ready-to-deploy


>     > images, not with a installer like the binary-distro-people are


>     used to.


>


>     sure? i think it possible that some things won't work when


>     non-root ...


>


>


> Of course some things won't work - if they would, there would be no


> need for a special root account.


> Basically all the tools someone would use without a terminal should


> work (dialer, contacs, ...) no matter what stack is used.


> The daemons that need root access run in background and can be


> controlled by userspace-programs without root-access.


>


> If of course would take a loginmanager or similar to use a user with


> password at startup, because currently the user root is automatically


> logged in. Should be easy to "fix".


Even running only critical things as root, and most stuff on a


no-password unprivileged account would be better. But an user account


with a password a would of course be better. The I'd say that the PIN


could almost be saved somewhere, to avoid the need for a double log-in.


I had some thoughts about that, too.
Would be cool if it wasn't necessary to have a PIN at all - you enter the PIN in the "first-run-wizard", that will store it.


After that you only have one password (of your choise) that does all - the security daemon would lookup in a key/password-database and use your password for all things, like decrypting the other containers (phonebook, messages, e.g.), authing you on the network with the stored pin, unlocking the phone screen, .....

------=_Part_45616_13229138.1216052324550--