> On Tuesday, 16 December 2014 9:10 PM, Kurt Seifried wrote: > Good point, this totally breaks anyone not using local authentication, I > think based on that this feature change really needs to be blocked. > > > On 16/12/14 08:14 AM, Dennis Gilmore wrote: >> I think it is a really bad idea, it will break many things for me >> personally and I am sure others also. this is because I set a root >> password at install time but do not create a user, I then ssh to the >> box and join it to my ipa domain for user authentication. I will now be >> unable to do so. > > > On Tuesday, 16 December 2014 9:19 PM, Simo Sorce wrote: > As said before this is not ok, it must be conditional to whether or not > a user has been created during the install. Sure, idea is to make it conditional and not break thing too rough. In that, during the boot process the user could be prompted to create a non-root account, to which he/she can choose not to create one, in which case they would be warned about/against it. > After all, only power-users should use SSH so you could as well propose > we do not even start sshd by default. But we do, because it is used, so > breaking it is not a good idea. Exactly! All the use cases above and similar others are typical power user's ones, who can easily re-enable remote root login as and when required. --- Regards -Prasad http://feedmug.com -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
