Alan Cox wrote:
On Sun, Oct 07, 2007 at 06:41:25PM +0200, Lubomir Kundrak wrote:
Would the system, where an user would have to know ten passwords and
five usernames be more secure than one, where account is protected just
with the password? If yes, why don't we do that now?
I'm sort of scared anybody in a security team would even ask that question
as is.
I assumed s/he was being facetious, and describing a system, not
compartmentalized with many independent components, but rather just
comically expanding the login process to require a serial entry of 5
usernames and 10 passwords.
And yes, I do know how to disable face login. It appears to be also
possible from the standard admin->login gui tool, by unchecking the
'include users from passwd' checkbox. If I implement the feature I
described, this is where I would put both it's disable-totally, and
dont-even-bother-asking-for-root-passwd options. (as well as the gdm
text config file of course).
-dmc
"For me, given my threat model and how much my time is worth, life is
too short for SELinux." --Ted Ts'o
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
