On Tue, 2013-05-21 at 14:09 -0700, Adam Williamson wrote: > On Tue, 2013-05-21 at 16:56 -0400, Simo Sorce wrote: > > > > The other 'mandate user creation' option would be simply to do it in > > > (interactive) anaconda, and tell people who want to do installs without > > > a user account to use a kickstart or lump it. This has the advantage of > > > being one of the simplest possible approaches: all we'd have to do is > > > make user creation mandatory in anaconda and we could ditch > > > initial-setup and the pre-GDM bit of gnome-initial-setup. The > > > disadvantage of this approach, obviously, is it makes it harder for > > > those who have some kind of valid reason for doing an install with no > > > user account. Frankly, I quite like this option, the advantage of > > > simplicity is attractive. But I think it might be harder to get people > > > behind, cos people sure do love their choice! > > > > I have a FreeIPA server at home, I have no reason to create a user > > account. Why should you force me ? > > The reason for forcing you would be that it was considered a greater > benefit to keep the install/first boot code paths simple than to make it > relatively easy to do installs with no user accounts. Remember, in this > mail, I was considering and presenting the pros and cons of all the > possible approaches. Please don't skim read and assume I'm advocating > one specific option. I did not in fact say I wanted to go ahead with > this option. It was a generic 'you', I was not accusing you personally :) > > > The other possible alternative behaviour, of course, is to go precisely > > > the other way, and not try and force the user into doing anything at > > > all. Again in this case it would make sense to ditch the 'firstboot' > > > stage. We'd simply leave anaconda alone, and kill initial-setup (and the > > > pre-GDM bit of gnome-initial-setup). This is again a nice and simple > > > approach. Its disadvantage is that it makes it nice and simple for a > > > 'regular' user to shoot herself in the foot. Experienced users can be > > > assumed to know the consequences of not creating a user account, sure. > > > But for the newbie who didn't do it and then pitched up at a GDM prompt > > > with no users, things would kind of suck. I am not a fan of this option. > > > > What's wrong with giving an option in anaconda and letting the user skip > > it ? > > Nothing much, and if you actually read both my mails fully, that is > precisely the path I proposed. Yeah I got that, I was just asking why we consider mandating something when the current behavior seem, to work just fine. > > > It's very likely that the behaviour will differ somewhat between GNOME > > > and all the other desktops for F19. This kind of inconsistency could be > > > viewed as a bit of a pity, but I don't think it's a huge practical > > > problem, and it may be that we can't get GNOME and the distro as a whole > > > to agree on whether user creation should be mandatory. > > > > It's unclear to me why Gnome should mandate user creation at all, since > > when Gnome is the OS Identity Management system/enforcer ? > > Desktops and spins are considered to own their own destiny to at least > some extent. Effectively what is happening here is that the GNOME > desktop/spin believes that a user account should be mandatory to use > their desktop, and so they are enforcing the creation of one. Well if you allow me this is a non-sequitur. Of course you need a user account to login into a desktop environment, that doesn't mean you need to force people to create a user account at install time. Some people actually know what they are doing when they skip its creation. > If people think this is terrible and want to make a fuss about it, there > are various avenues for doing so. Personally it doesn't bother me > overmuch. > > Both g-i-s and anaconda/i-s appear to offer at least some mechanism for > configuring remote user accounts. I don't know in detail what > technologies they support; the g-i-s one looks like it supports at least > AD, I don't know what else. The anaconda/i-s "Use network login..." > button appears to do nothing in F19 Beta RC2. I'll file a bug on that. It used to 'support' ldap and krb5 for auth and even a freeipa option, but didn't really work in F18. If someone wants to make user creation mandatory I think they should first provide a working method to select external account providers in anaconda. If that can't be done they should leave account creation optional. Although it being a default and requiring an explicit and noisy opt-out is fine by me. Simo. -- Simo Sorce * Red Hat, Inc * New York -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
