On Tue, 19 Feb 2008, Jesse Keating wrote:
have you gone with /less/ secure choices? I think we might be
generalizing over a specific here.
Actually, I have. (Maybe I shouldn't admit this. :))
In a previous job, two security settings in gdm were changed from the
defaults:
DisallowTCP=false
NeverPlaceCookiesOnNFS=false
These are "less" secure settings.
It was a large environment and the end users were used to logging to
remote machines and setting $DISPLAY to run remote graphical programs.
The default of 'DisallowTCP=true' broke that, so it was changed. And home
dirs were all on NFS, hence the second change. Efforts were underway to
migrate to ssh, but changing these settings minimized the pain during the
transition.
The point is: had I not been looking through gdm.conf at all the various
settings, I wouldn't have known about these two (until the end users
started complaining).
Back to the anaconda issue: if the default is to remain MD5, then exposing
the options in the GUI would give people the chance to make their
environment /more/ secure in ways they might not have known about
otherwise, so keeping it in the GUI seems like a good thing to me.
--
Jeff Bastian
GSS - SEG
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
