On Tue, Mar 24, 2015 at 9:36 AM, Adam Williamson <adamwill@xxxxxxxxxxxxxxxxx> wrote: > Hey, folks. I'm writing with my Server SIG member hat on, here. We've > been discussing password policy changes at our meeting today. > > So the Great Password Policy Bunfight of 2015 was resolved by anaconda > creating a mechanism for products/spins to set their own password > policy: I thought the medium term (Fedora 23/24) strategy was to disable root by default, and then: - Server was going to rely more on Cockpit to do authentication setup as it's virtual equivalent of first boot, but also the on-going primary interface (Cockpit is enabled by default, it should be pretty straightforward one day to get it to accept a user generated or supplied TLS certificate, and then also enable key based ssh logins maybe even requiring that step to even enable sshd) - Workstation prefers to rely on g-i-s to configure the first user at first boot. - Cloud seems more like Server, except possibly without cockpit helping out it'd be more of a conventional CLI approach to key based login setup. If anything, Anaconda's password UI is obviated by the products' intended behaviors in this area. The short term solution would be better off as "no change" until the various WGs establish they have their first access modes implemented, and then Anaconda password UI can be suppressed for Fedora products — and spins can continue to use it so long as it meets their needs — and then WG's can diverge on password policies once their own infrastructures are ready. -- Chris Murphy -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
