On Di, 08.10.24 09:24, Neal Gompa (ngompa13@xxxxxxxxx) wrote: > On Tue, Oct 8, 2024 at 9:22 AM Michael Catanzaro <mcatanzaro@xxxxxxxxxx> wrote: > > > > On Mon, Oct 7 2024 at 12:59:46 PM -04:00:00, Simo Sorce > > <simo@xxxxxxxxxx> wrote: > > > Changing a default like this is not something to do lightly IMHO. > > > > I'm interested in systemd-homed because we currently have no other > > plausible path towards encryption of user data by default [1] (since > > use of LUKS full-disk encryption has been rejected). > > > > [1] https://pagure.io/fedora-workstation/issue/82 > > And that's the context in which we wanted homed working with > centralized logins. It continues to confuse me that people conflate > "centralized login provider" with "remote users", which are not the > same thing at all. Local users that have primary > authentication/authorization externally managed has been a pattern for > quite a long time on other platforms. So one thing I am kinda interested in is adding support for synthesizing local homed users from oidc/oauth2 accounts, in the long run, to get something like a Chromebook-like behaviour, that you can basically say "allow logins from any @google.com" account or similar, and we'd generate a home dir from that automatically, as you log in. But quite frankly, we have more pressing issues in systemd-homed land right now. It's a bigger project, would require support in various layers, i.e. gdm would probably need to support some form of web browser and so on. Lennart -- Lennart Poettering, Berlin -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue