On Mon, Dec 4, 2017 at 2:36 PM, R P Herrold <herr...@owlriver.com> wrote:
> On Mon, 4 Dec 2017, Chris Murphy wrote:
>
>> >> === Root Account ===
>
>>>> group. We will remove the root password creation spoke.
>>>> All Workstation installs will have no root password set by
>>>> default, as in Ubuntu. Having a root password is not
>>>> useful for nontechnical users, and it is confusing to ask
>>>> users to create multiple passwords
>
> If this is a communication problem, why remove a password,
> just remove the spoke?
>
> Set _some_ DRP password, deterministically to an unguessible
> value, and save that value in a well-named file on the root
> volume
Sounds like a new secret and non-standard way to lock the root
account. Setting the root user's 2nd field in /etc/shadow to ! is a
well understood way of disabling the account.
>
> # umask 077
> # date +%s > /root-passwd.txt ; ( head -n 1 /root-passwd.txt ; \
> lvdisplay | grep -i UUID | rev | awk {'print $1'} | rev | \
> sort | head -n 1 ) | md5sum >> /root-passwd.txt
>
> ... and set the root password to the value of the last line of
> /root-passwd.txt
Uhh yeah no way. That's like exposing /etc/shadow there except without
a hashed passphrase.
--
Chris Murphy
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
