No password is set for local accounts linked to emby connect by default


CrazyMonk
Posted (edited)

I stumbled upon this reddit thread (https://www.reddit.com/r/emby/comments/h0gkiw/why_do_emby_connect_accounts_not_have_passwords/)
where a user mentioned that fresh accounts made on an emby server which are then linked to an emby connect remain unprotected and need to have a password manually set for the local user account itself. This seems pretty bad since I don't remember any mention of this in the guides or wiki and is something I completely missed myself on my emby server which has been running for around half a year now (even though all the emby connect linked accounts are password protected on my server).

Just to confirm, I spun up an emby docker, added a user, linked my emby connect account to it and could login without inputting the password on the login screen.

The behaviour I expected was that a local account linked to an emby connect would make it either:
1. possible to login only with the Emby Connect credentials while not being able to login with the local user account's username or
2. have the same password as the linked Emby Connect password.

I find that the first option would be the more secure one and it would also avoid confusion between local user credentials and emby connect credentials since we can't add a user without making a local account for that user even if they have an Emby Connect account (not sure about this one).

 

Edited by CrazyMonk
adding a link simply wouldn't let me continue my sentence on the same line without linking the rest of the sentence too
  • Like 1
Posted

this also affects local accounts without emby connect (accounts that were created without manually setting a password on the "Password" tab afterwards), disabling logins without a password is an urgently needed "feature"

  • Like 1
Posted

Right, this doesn't really have anything to do with Emby Connect. You created a user on your server and did not create a password at that time. Whether you later connect that to a Connect account or not, you just created a user with no password.

We don't allow this for the initial admin user but don't force you to use passwords on subsequent users (there are some people who do this with only local servers).

There is no way for us to "copy" the password from your Connect account to the local account as we (the system) don't know what that password is and cannot access it.

CrazyMonk
Posted (edited)

Alright, I get that.

But then having to create a local account only to link it to an Emby Connect account seems like a workaround of some sorts. Especially considering one can still login with the local account credentials and that passwords aren't enforced.

- It should be possible to add an Emby Connect account to one's server without having to make a local account for it or
- Linking an Emby Connect account to a local account shouldn't allow logging in with the local account credentials or
- It should definitely be mentioned, even as a tiny text, in the wiki or installation guide, that a local user that has a linked Emby Connect account will remain unprotected until a password has been set because this seems unnecessarily confusing.

This way (No. 2 above), the local-only servers (even with no internet) keep their unsecured local accounts but if one links their Emby Connect, they login with that.
No double-dipping.

Edited by CrazyMonk
clarification
  • Like 1
pwhodges
Posted

What is your reason for wanting to use Emby Connect accounts rather than having your users connect directly to your server?  Connect only acts as an introduction service, after all - it doesn't play any part in the streaming (it's not like Plex, you see).

Paul

Posted

the main problem here is (IMHO) that emby allows logins without any password and there is no config option to disable (fix) this behaviour

Posted

We understand that having two different types of accounts is confusing and we'd like to rectify that.  The issue exists for us because we don't want to force people to have an account with us in order to use their own personal server (unlike some other guys... ;)) but, we'd also like to make an easy way to connect remotely without having to know an IP address or have a domain name.

We are working on simplifying this but, due to the fact that we still will not force people to have accounts with us, it is taking some time to get done.

Posted (edited)

are there plans to implement an option to disable (remote) logins without a password (this should be rather easy to implement (and independent of any emby connect changes): add a config option, if enabled check if the password is "" on login)?

Edited by xvv
  • Like 1
CrazyMonk
Posted

@pwhodges not that it matters in the context of this thread, but a few of my users have other servers shared with them and Emby Connect makes connecting to whichever they want simpler. Moreover, I run a reverse proxy, therefore making my influx of not-so-tech-savvy users during this pandemic 'connect manually' isn't the best experience. So, even though Emby Connect doesn't play a part in the streaming, it makes the introductory part a lot less tedious and I'd like that to stay the same.

@ebr yeah, the scenario where someone has a local-only server but still wants to link with Emby Connect (most prob to connect remotely to another server) breaks the solution I thought of (and I'm sure you guys thought of that one too a few years ago). I really appreciate that you don't want to force people to have to have an account with you guys. I took some time to think about it, given the context you explained and the only solutions I can get to seem not very user-friendly/safe (best is: configurable 'don't ask for password on network defined as LAN') (the concept of plex pin is pretty neat too), so good luck with that one. I'd be interested in knowing what you guys come up with.
However, since this is something that is still in the works, I'd like to reiterate that I think this should be mentioned somewhere; the Emby Connect Support Article seems to be the place, from a quick glance.

pwhodges
Posted
7 hours ago, CrazyMonk said:

a few of my users have other servers shared with them and Emby Connect makes connecting to whichever they want simpler. Moreover, I run a reverse proxy, therefore making my influx of not-so-tech-savvy users during this pandemic 'connect manually' isn't the best experience

OK, having access to multiple servers is a good reason to use Connect, I understand that. 

For people who may connect directly, though, I can't see how your running a reverse proxy affects anything - it should, once set up, be completely transparent to both you and your users.

Paul

Posted

I have annotated the KB article.  Thanks.

  • Like 1
  • Thanks 1
  • 1 year later...
Posted (edited)

Sorry for reviving an old thread, but this is very dangerous behaviour IMHO. Please consider showing a warning message when adding a new user with an Emby Connect ID defined, perhaps something like:
"Please note that this user may also log in manually by connecting directly to this server. Unless you set a password for the user, your media libraries might become freely accessible to anyone who knows the server address."
A button to instantly generate a random password for the user would be a super cool feature. Or just a link to the "Change password" page for that specific user. Instead of relying on the server owner remembering to generate a password himself, and possibly exposing their entire library to the internet if he/she forgets. There's a lot of port-scanning bots out there...

I just switched to Emby after many years of using Plex, so I might be biased after having gotten used to their online-only login process. I love the possibility of a local, cloud-free login process with Emby, but I have a feeling that most people who create Emby Connect users intend on connecting to them using Emby Connect exclusively. If not, I think they will survive an additional warning message (a "Don't show again" checkbox would make it a one-time annoyance for those people). 😀

Emby Connect is my primary reason for using Emby with a Premiere license, rather than just using an open-source alternative, so I was really surprised to suddenly see my entire media library accessible to anybody in the world after having created my first Emby Connect user... 🙄

Edited by laks
  • Like 1
Posted

Emby Connect can't be used without supplying a password or PIN code.

Posted
5 hours ago, cayars said:

Emby Connect can't be used without supplying a password or PIN code.

Yes, but isn't Emby Connect just a discovery service? The users must still have corresponding local user accounts, and the server must be accessible externally on the internet, right?
Or is it possible to disable direct access and only allow connections via Emby Connect?

Both my IP and the port number forwarded to me changes regularly, which is the reason why I use Emby Connect (app.emby.media). Except for administration purposes using the initial "root" user, I don't plan on having any users access it directly with local authentication.
It was a coincidence that I tried to access it directly on my external IP and port with one of the users created with an Emby Connect ID. I didn't expect local authentication to still work, and definitely not without requiring a password.

Posted

Emby Connect and a forum account are essentially the same thing.  A Connect account requires a password.  It can't have a blank password.

You can have local (server based) accounts without a password that can be used on LAN without a password which is great for young kids, baby sitters, guests, etc..

Posted

Hi.  This issue really isn't related to Connect except by association.  It is possible to create users without passwords and then those could be available to remote users if configured that way.

We should probably have a warning shown on any local user without a password because it isn't necessarily obvious, when using Connect, that these local users are still accessible.

Thanks.

  • Like 1
Posted

That and/or simply not allow remote connections without a password which is the obviously safest route.
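
The check the thread keeps asking for (warn on any enabled local user without a password, most urgently when that user may log in remotely) can be run by a server owner as an audit over the user list. The sketch below is an added example, not Emby's code or anything posted in the thread; the field names (`HasPassword`, `ConnectUserName`, `Policy.EnableRemoteAccess`, `Policy.IsDisabled`) are assumptions about the user-list JSON and should be checked against your own server's output, and the sample data is constructed.

```python
import json

# Constructed sample user list. Field names are assumptions (see lead-in).
SAMPLE_USERS = json.loads("""
[
  {"Name": "admin", "HasPassword": true,  "ConnectUserName": null,
   "Policy": {"IsDisabled": false, "EnableRemoteAccess": true}},
  {"Name": "alice", "HasPassword": false, "ConnectUserName": "alice_connect",
   "Policy": {"IsDisabled": false, "EnableRemoteAccess": true}},
  {"Name": "kids",  "HasPassword": false, "ConnectUserName": null,
   "Policy": {"IsDisabled": false, "EnableRemoteAccess": false}},
  {"Name": "old",   "HasPassword": false, "ConnectUserName": null,
   "Policy": {"IsDisabled": true,  "EnableRemoteAccess": true}}
]
""")


def audit_users(users):
    """Return findings for enabled accounts that have no local password.

    Fails closed: a missing HasPassword is treated as "no password" and a
    missing EnableRemoteAccess as "remote access allowed".
    """
    findings = []
    for user in users:
        policy = user.get("Policy") or {}
        if policy.get("IsDisabled", False):
            continue  # disabled accounts cannot log in at all
        if user.get("HasPassword", False):
            continue  # a local password is set
        remote = policy.get("EnableRemoteAccess", True)
        findings.append({
            "user": user.get("Name", "<unnamed>"),
            # Reachable from the internet without a password is the case
            # the thread describes; LAN-only is a deliberate choice for some.
            "severity": "high" if remote else "low",
            # A Connect link does not protect the local login.
            "connect_linked": bool(user.get("ConnectUserName")),
        })
    # High-severity findings first, then by name.
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["user"]))


if __name__ == "__main__":
    for finding in audit_users(SAMPLE_USERS):
        print(finding)
```
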
