----- Original Message ----- > On Fri, Jul 24, 2015 at 12:42:51PM -0600, Chris Murphy wrote: > > OK so you're suggesting this only get provisioned with MFA if the user > > enables SSH in the GNOME GUI? If it's enabled via systemctl then it's > > just password only, and no MFA? Because if MFA is required then there > > Right, unless you configure multi-factor by hand. My specific concer is > that there's a relatively easy to access switch which opens up the > system to more exposure than may be immediately obvious. I think the > idea of forcing a password change when this switch is toggled has some > problems. Maybe adding some more explanatory text to the dialog for > enabling "Remote login" could help, but I'm skeptical about that too; > hence this suggestion. That same person you don't trust to know what "Remote Login" does can run "curl ... | bash" on the command-line and trash the system. -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
