Tomas Hoger wrote:
On Sat, 5 Jan 2008 14:57:44 -0700 Kevin Fenzi <kevin@xxxxxxxxx> wrote:
Well, as you say, you need to make sure we force the user to make a
regular account first, currently thats not being done. You can do a
new install and not create a user account.
Problem is that you can not create unprivileged account in the
installer, IIRC. You are asked whether you want to create normal user
by firstboot, after system was rebooted. But that screen is usually
not seen by users doing kickstart or vnc installation, as was pointed
out by Tomas Mraz. So changing the default value to 'no' would mean
that those users will have no way to log into newly installed systems
(assuming those methods are frequently used for remote installs with
no or limited physical access).
Please note that some installations, like ours, would not configure
local accounts at all, whether during Kickstart or manual install. We
use network accounts (LDAP), and we use ssh keys installed for root for
administration. So please don't say things like "you need to make sure
we force the user to make a regular account first", because that is not
always the case. Perhaps in a small office/home installation these are
good points, but not in larger installs with network authentication.
We have dozens and dozens of installs on a network used by researchers
and we reinstall often and use network authentication, etc.
If you are going to consider this sort of thing, please make sure there
is a switch somewhere so it doesn't break large site installations.
Thanks very much.
--
David Pullman
Systems Administrator
Manufacturing Engineering Laboratory
National Institute of Standards & Technology
Mail Stop 8203
100 Bureau Drive
Gaithersburg, MD 20899-8203
Tel: (301) 975-5385
Fax: (301) 926-3842
E-mail: david.pullman@xxxxxxxx
--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list