[RULE] Real Endusers installing w/ Slinky
Jason Bechtel
jasonbechtel at care2.com
Wed Jul 2 06:32:00 EEST 2003
You could actually let the user setup a username
and password of any degree of difficulty. The
point is that for a local-only installation,
access to the box is equivalent to root access
anyway. Anyone can reboot it and boot into
runlevel 1 (no default bootloader security, I'm
sure). So, why not just make it do auto-login.
As long as it's under a normal user account, even
one with a secure password, that would more
accurately reflect the security requirements of
the situation.
I agree that people should learn the right way,
but they should also learn that security exists
for a reason. If they see passwords as arbitrary
hurdles (they already have full physical access
to the box) then they may not develop a respect
for security and will fail to take it seriously
when it is actually needed.
Jason
---- Begin Original Message ----
From: Michael Fratoni <mfratoni at tuxfan.homeip.net>
Sent: Tue, 1 Jul 2003 20:02:34 -0400
Subject: Re: [RULE] Real Endusers installing w/
Slinky
On Tuesday 01 July 2003 07:19 pm, Michael Fratoni
wrote:
> I'll look at it. I have to tell you that I
*hate* the idea of creating
> a user with an empty password. It just goes
against everything I've
> always taught/been taught. I agree this might
add a small amount to the
> learning curve. In my mind, it's better to
learn the proper way, rather
> than learn sloppy security practices.
Thinking on this a bit more, a user "linux" with
a password of "linux"
isn't any better than a null password. But I
still don't like it. ;)
Actually, I'm a bit surprised that the passwd/pam
utilities would allow
'linux' as a password.
- -Michael
---- End Original Message ----
/earth: file system full
Help the planet each day! It's free and easy:
http://www.Care2.com/dailyaction/
_______________________________________________
Rule Project HOME PAGE: http://www.rule-project.org/en/
Rule Development Site: http://savannah.gnu.org/projects/rule/
Rule-list at nongnu.org
http://mail.nongnu.org/mailman/listinfo/rule-list
More information about the Rule-list
mailing list