Google
  Web www.spinics.net

Re: Security Changes For Fedora 9

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Tomas Hoger wrote:
On Sat, 5 Jan 2008 14:57:44 -0700 Kevin Fenzi <kevin@xxxxxxxxx> wrote:

Well, as you say, you need to make sure we force the user to make a
regular account first, currently thats not being done. You can do a
new install and not create a user account.

Problem is that you can not create unprivileged account in the
installer, IIRC.  You are asked whether you want to create normal user
by firstboot, after system was rebooted.  But that screen is usually
not seen by users doing kickstart or vnc installation, as was pointed
out by Tomas Mraz.  So changing the default value to 'no' would mean
that those users will have no way to log into newly installed systems
(assuming those methods are frequently used for remote installs with
no or limited physical access).

Please note that some installations, like ours, would not configure local accounts at all, whether during Kickstart or manual install. We use network accounts (LDAP), and we use ssh keys installed for root for administration. So please don't say things like "you need to make sure we force the user to make a regular account first", because that is not always the case. Perhaps in a small office/home installation these are good points, but not in larger installs with network authentication.

We have dozens and dozens of installs on a network used by researchers and we reinstall often and use network authentication, etc.

If you are going to consider this sort of thing, please make sure there is a switch somewhere so it doesn't break large site installations.

Thanks very much.

--
David Pullman
Systems Administrator
Manufacturing Engineering Laboratory
National Institute of Standards & Technology
Mail Stop 8203
100 Bureau Drive
Gaithersburg, MD 20899-8203
Tel: (301) 975-5385
Fax: (301) 926-3842
E-mail: david.pullman@xxxxxxxx

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list

[Home]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Red Hat 9 Bible]     [Fedora Bible]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Coolkey]     [Fedora Tools]

Powered by Linux

Google
  Web www.spinics.net