[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: gdm Create User



Alan Cox wrote:
On Sun, Oct 07, 2007 at 06:41:25PM +0200, Lubomir Kundrak wrote:
Would the system, where an user would have to know ten passwords and
five usernames be more secure than one, where account is protected just
with the password? If yes, why don't we do that now?

I'm sort of scared anybody in a security team would even ask that question
as is.

I assumed s/he was being facetious, and describing a system, not compartmentalized with many independent components, but rather just comically expanding the login process to require a serial entry of 5 usernames and 10 passwords.

And yes, I do know how to disable face login. It appears to be also possible from the standard admin->login gui tool, by unchecking the 'include users from passwd' checkbox. If I implement the feature I described, this is where I would put both it's disable-totally, and dont-even-bother-asking-for-root-passwd options. (as well as the gdm text config file of course).

-dmc

"For me, given my threat model and how much my time is worth, life is too short for SELinux." --Ted Ts'o


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]