On Mon, Dec 02, 2019 at 10:44:46AM -0700, John M. Harris Jr wrote: > On Monday, December 2, 2019 9:48:05 AM MST Przemek Klosowski via devel wrote: > > On 11/27/19 2:59 AM, Zbigniew Jędrzejewski-Szmek wrote: > > > On Tue, Nov 26, 2019 at 09:39:59AM -0700, Chris Murphy wrote: > > >> Mayyyybee systemd-homed is in > > >> a position to solve this by having early enough authentication > > >> capability by rescue.target time that any admin user can login? > > > > > > Actually, it may. Things are confusing here, because systemd-homed is > > > implemented together with changes to how user metadata querying is done: > > > instead of using dbus, a brokerless and much simpler varlink query is > > > used. > > > That last part is what would be relevant to early-boot logins, because > > > less services need to be up to bring up the user session. > > > > There's one tricky feature of homed : remote login (ssh) is only > > possible after an initial local login. It is OK for his intended use (a > > personal laptop/tablet client), except for corner cases like a remotely > > accessed personal desktop in the basement that might get rebooted e.g. > > for updates, resulting in an accidental lockout. > > Basically, systemd-homed is useless for any power user, but might be useful > for people just getting into GNU/Linux, who don't use ssh yet or don't have > more than one system. How often do you ssh *into* your laptop? I occasionally do, but more because I can than because I really need to. systemd-homed is most suited for the case of a portable personal device, and this is exactly the type of device one is relatively unlikely to access from the network. So I don't think this limitation is so terrible. Nevertheless, I'm pretty sure that a workaround for this will be made anyway. I think the latest version of the patchset allows exporting the authorized_keys content in the non-encrypted metadata for the user. Zbyszek _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
