On Thu, 08 Jan 2015 11:10:36 -0500 Adam Jackson <ajax@xxxxxxxxxx> wrote: > > The only other approach I could see for the headless > > servers would be mandating the enrollment in an identity domain at > > installation time (such as to FreeIPA or Active Directory). > > And in this scenario we should absolutely disable PermitRootLogin. So that if you have issues with the connector, you have to reboot the machine and be physically present to fix anything. Not really a grand plan IMO. I may be ok with allowing only passwoedless by default, though I still think this feature should be conditional to whether there are other local accounts or not. Simo. -- Simo Sorce * Red Hat, Inc * New York -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
