Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Dec 2, 2019 at 10:45 AM John M. Harris Jr <johnmh@xxxxxxxxxxxxx> wrote:
>
> On Monday, December 2, 2019 9:48:05 AM MST Przemek Klosowski via devel wrote:
> > On 11/27/19 2:59 AM, Zbigniew Jędrzejewski-Szmek wrote:
> > > On Tue, Nov 26, 2019 at 09:39:59AM -0700, Chris Murphy wrote:
> > >> Mayyyybee systemd-homed is in
> > >> a position to solve this by having early enough authentication
> > >> capability by rescue.target time that any admin user can login?
> > >
> > > Actually, it may. Things are confusing here, because systemd-homed is
> > > implemented together with changes to how user metadata querying is done:
> > > instead of using dbus, a brokerless and much simpler varlink query is
> > > used.
> > > That last part is what would be relevant to early-boot logins, because
> > > less services need to be up to bring up the user session.
> >
> > There's one tricky feature of homed : remote login (ssh) is only
> > possible after an initial local login. It is OK for his intended use (a
> > personal laptop/tablet client), except for corner cases like a remotely
> > accessed personal desktop in the basement that might get rebooted e.g.
> > for updates, resulting in an accidental lockout.
>
> Basically, systemd-homed is useless for any power user, but might be useful
> for people just getting into GNU/Linux, who don't use ssh yet or don't have
> more than one system.

I disagree with all of this, including the predisposition that this
limitation can't be worked around somehow. I ssh into various laptops
around the home office on a daily basis, I'm not going to give that
up. Based on the systemd-homed presentation, slides, and the early
code review happening, it addresses a number of concerns the
Workstation WG has in making forward progress to secure user data by
default.

It's almost 2020, and I shouldn't have to pick and choose between
remote access and securing user data at rest by default. We surely can
have our cake and eat it too.

-- 
Chris Murphy
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux