
Re: [olpc-software] Authentication, authorization, personalization/imprinting

David Malcolm wrote:
My guess here is that all that's really doable is one of (i) do you have
physical access to the machine?

The traditional approach to Linux desktop security has revolved around root vs user, but that's shoe-horning a security model that made sense in the 70s into a totally different situation today.

Authentication is being used to do three things currently:

* Separate multiple user accounts - but not applicable here, unless
  perhaps the family wish to use the child's laptop and treat it as
  a family laptop.

* Prevent unauthorized access to data from people physically in front of
  the machine. Realistically, is the headache of lost passwords worth
  it? How much sensitive data will children have? Not much, I'd expect.

* Establish a trusted path to the user ... that's what needing root to
  reconfigure networks/date/software is about, really.

If the first two aren't really applicable then that leaves the third, which can be better done in other ways, for instance using a combination of SELinux (but used differently to how it's used in Fedora Core) and the fact that the X server will tell you which events are synthetic. Such a scheme can make the system both more secure and easier to use (by eliminating password prompts).

But that's pretty new/experimental stuff as well, and there is probably a limit to how much of that is a good idea for the first generation product. So, being traditional here and prompting for the user's password Ubuntu-style might be better.

thanks -mike
