Re: [Tails-dev] Shared screen locking solution for live dist…

Delete this message

Reply to this message
Author: Ed Dixon
Date:  
To: sajolida, tails-dev >> The Tails public development discussion list
Subject: Re: [Tails-dev] Shared screen locking solution for live distributions in Debian
Hi, I have a project called ediX which is just a minimized Debian for
educational hosting. It is always under heavy redesign but especially so
right now with all of the changes to the Debian Jessie. I recently took
down the web site in order to move it the project to The Foundation for
Learning Equality where I also help with educational projects such as Khan
Academy Light etc.

After reflecting on the question longer the thought finally occurred to me
why others might want or need this second password feature. ediX is
basically default Debian live with a few select packages for a minimum boot
relying on the persistence feature to provide educational software for
services and configuration. The users (teachers) are assumed to not have
shell / linux knowledge and a minimal GUI is made available basically just
for monitoring, changing configurations, and updates. However, tails users
running directly from a live CD without using persistence do not benefit
from having the users credentials saved and thus the need if I am
understanding things correctly. What I would like to see is an easier
method of changing the default password and other user settings in the
Debian live configuration scripts. As a simple precaution I have been
changing user name but allowing live as password for the image however this
all gets changed once the persistence volume is loaded.

As I understand it, Debian Live recommends and defaults to user / live for
the user account credentials and recommends user-setup and sudo packages be
installed in the packages-list providing those features. By adding those
packages that account is created and there are supporting scripts for
changing the default user name and password however I have not had a need
to do so.

Hope this helps!

Thanks,

On Thu Jan 01 2015 at 4:53:33 AM sajolida <sajolida@???> wrote:

> Ed Dixon:
> > Hi,
>
> Hi, which project are you from?
>
> > I have been using the xtrlock package which allows the screen to still be
> > viewed while locked to good effect in classroom situations. It takes the
> > current users password by default. I may be missing something here but as
> > far as I am aware all current Debian screen locking mechanisms fill this
> > need, if installed. I personally would not want a second set of
> credentials
> > adding a potential vector attached to the user account just to have a
> > separate password for the screen lock. Can you explain more the need for
> > this?
>
> In the case of live distributions most of the time there is no user
> password by default. So if we want to use a password to lock the screen
> we need to ask for a password at some point.
>
> I'd like to avoid introducing yet another password if there is one
> already (like in the case of Jondo, and sometimes Tails) but otherwise
> we need at least one.
>
> Does that make sense?
>
> Note that in the case of Tails, you can configure an administration
> password at boot time:
> https://tails.boum.org/doc/first_steps/startup_options/
> administration_password.
> I'd like to consider reusing this for screen locking if it is set (and
> only ask for a screen locking password if there is none), unless someone
> has security concerns about this.
>
> --
> sajolida
>