[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: systematic Kerberization
- From: Chris Ricker <kaboom gatech edu>
- To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
- Subject: Re: systematic Kerberization
- Date: Tue, 11 May 2004 22:06:09 -0400 (EDT)
On Tue, 11 May 2004, Havoc Pennington wrote:
> So the message I've gotten from others is "Windows solves this problem
> and Linux does not" and they were aware of the ability to set up a local
> passwd file when complaining.
>
> I think the question we have to answer is why is there a perceived
> deficiency vs. Windows, and can we address that without fundamental
> security problems. Appears the perceived deficiency would include 1) we
> aren't working out of the box, only if you fool around with it and
> possibly requiring the end user to run authconfig 2) the local/remote
> passwords can get out of sync.
Make that "require the end user NOT to run authconfig". Once you fix the pam
configs and actually get local authentication as fall-back running, you can
never run authconfig again without it undoing all your hard work (though
that's historically true of pam customization in general, but may be
changing since I vaguely recall recent changelogs mentioning changes to
allow preservation of custom password quality settings).
At any rate, I don't think it's a case of a "perceived deficiency vs.
Windows." It's a perceived deficiency, period, and it's not how other Unixen
(Solaris, for example) or even other Linux distros behave....
later,
chris
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]