On Thu, 2015-01-08 at 13:52 -0500, Miloslav Trmač wrote: > > > > The only other approach I could see for the headless > > > > servers would be mandating the enrollment in an identity domain at > > > > installation time (such as to FreeIPA or Active Directory). > > > > > And in this scenario we should absolutely disable PermitRootLogin. > > > So that if you have issues with the connector, you have to reboot the > > machine and be physically present to fix anything. > > Not really a > grand plan IMO. > > Earlier in the discussions I was told that this is not really an issue: > in production, about every server with remote access also has a KVM. > Mirek I don't think that's necessarily true. I've seen plenty of sites where they have a literal, physical "crash cart" they have to wheel out to plug in when remote access is broken.
Attachment:
signature.asc
Description: This is a digitally signed message part
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
