-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 14 Jan 2015 12:34:22 -0500 (EST) Miloslav Trmač <m...@redhat.com> wrote:
> > On Wed, 14 Jan 2015 16:54:09 +0000 (UTC) > > P J P <pj.pan...@yahoo.co.in> wrote: > > > > On Wednesday, 14 January 2015 8:01 PM, Simo Sorce wrote: > > > > Ok, I state my opposition to without-password too inequivocably > > > > here. Mostly because it is just the same as 'no', given there > > > > is no way, in a regular install to seed a key into the root > > > > account. > > > > > > > > Except you have no mechanism to inject a key at installation > > > > time, > > > > > > Sure. Could you please elaborate how would you like this key > > > to be injected into the 'root' account? Feature page does have a > > > listed workflow change: > > > > > > "Anaconda installer OR maybe OpenSSH package needs to create > > > initial set of authentication keys for 'root' user." > > That’s not how, to my knowledge, ssh keys are usually deployed; there > is one private key per user (or, for the paranoid, one private key > per client machine / user’s home directory), not one private key per > the server one is connecting to. And creating a key does not really > solve the problem: how do the administrators get the key so that they > can connect? > > > > > I'd request all(those who are opposing) too describe their > > > requirements in the etherpad page above. > > > > Being able to authenticate as root right after installation would be > > the requirement for me. > > Let’s be precise here; “able to authenticate as root” is an > implementation detail; the underlying requirement is something else. > “Able to set up IPA”? “Able to run administrative commands in > shell?” (e.g. we could just, as a part of firstboot, open a root > shell without any authentication ☺ ). Mirek except that will not work when you do not have access to a console and only have ssh access Dennis -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJUtq2ZAAoJEH7ltONmPFDRzqsQAI59frCILBqB6zUWedryB5yp 378Wakimicon8HAHuUEqZb334246k4U3/d4FPaspGiqKtqSf2w1Y2nixFNdxGqor mH5oyoToddasptFS2okRGh8IaPnZiBNXPVZ6emKrjeL+ln2DMsfSCPA9NN15AO/I KllQ4j3YhDVm4qmL9a25pcNcPjUlIi1C6amR19eOkG7+788+7pMQ0yzcDcn3ow3O F8u+j5bwPdPfwL/sEe6ZyGNgfHJEx+wtYCQjXMCQp3VkYHMkqHwkjR/q63l5TMtb 5SIFwzP6wmAaLvU3Nz4jEu8GWNQwm86cYIiEj1cRSN9muKffoIuJopKM1fchbveh VuPH+FjZhvWShvN5tddaunOkGN2WtFJp8rgnWeVtT/09H+PbkzT3pigZt2OElnD/ 49DWLork4uLOSuVPQvqMjMMsUbg1SLv9tB6AA45gtkEgkg+X256MdHUVK49HfOXS ogCfgx7CfCPCd6cOEHx+exK3Xg9JlxqboIklR1pFyDLcyQUDkXaV0wrXq23hhrci kLUpZ7yYTZwvHgKrQfQ99ael5alAHyCb/ZvWyAZyAoMeoJQKZoyCvNI5BWsVoGPQ Ir1Z/nEGz2T/RbbpVrLvH5VzwkWY0hZyCEUwa+Wrh/LfyFBjxN6YM+YTdoPSI4Et cifUPiu3gJqlrMnOJvyt =nj7u -----END PGP SIGNATURE----- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
