Don't store the admin password in cleartext
Originally created by @segfault on #17135 (Redmine)
The Greeter currently stores the user-chosen admin password unhashed in
/var/lib/gdm3/tails.password
. In /etc/gdm3/PostLogin/Default
, the
password is then set via chpasswd
and /var/lib/gdm3/tails.password
is removed.
IMO, passwords should never be stored in cleartext. Instead, we should
store them hashed and use chpasswd -e
to set them.
This will also make it easier to persist the password, as part of persisting the Greeter options, which I plan to work on.
Feature Branch: bugfix/17135-store-admin-pw-hashed