|
On 5/20/19 12:19 PM, Kevin Fenzi wrote:
Right, but it's just a stepping stone to a world with universal authentication, and granular authorization based on credentials from that universal authentication.On 5/20/19 9:09 AM, Przemek Klosowski wrote:On 5/17/19 4:34 PM, Kevin Fenzi wrote:So, this is basically the old cloud-init makes a user that can sudo to root thing. Can anyone explain in small words how this is more secure?In a large system, it allows granular revocation of access (Joe Bow quit and we disabled his account)but this is not what Cloud images do. They create 1 non root account 'fedora' (or centos or rhel or whatever) for all access (by default). Ditto. I'ts necessary but not sufficient.and accountability (who logged in as root and installed PHP 1.0?).In this case it was 'fedora' user from ip X.x.x.x. Which is (in my mind) no better or different than it was 'root' from ip x.x.x.x.
|
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
