Gary, if the suggestion about changing the default is serious, please make that be a separate case. Given that it proposes a major release feature, that other case should not be submitted as a fast-track as it will require an opinion.
Reading through the "design-on-the-fly" style discussion around the rest of this, sigh, I think it would be wise to re-submit a non-controversial, "obvious" proposal that we can actually consider for a fast-track. Before doing that, please think about how the different implied administrative models will be selected, as well as the various issues raised in the discussion where relevant i.e. usability, the different failure scenarios, and how they're handled, as well as a comparison of similar capabilities in other mainstream OSes - so we can get a sense of (a) how usable and (b) how different this makes opensolaris to everyone else. Some of this detail is obviously more critical if we were to change the default, and can be vectored into that case. If you find this growing beyond the bounds of an obvious fast-track (as I think it may already be) then please derail the case yourself. tim Darren J Moffat wrote: > Coy Hile wrote: >> I'm with Dale on this. Do we really want another local account required (or >> n such accounts) in a situation where there are no local accounts but root? > > This is is NOT forcing that situation nor is it even MAKING it the default. > > It only allows for a minor extension to what is already allowed. Today > (and since Solaris 8) the 'root' account could be configured as an RBAC > role. This means it can't login directly on /dev/console or over the > network. > > This case extends sulogin to *allow* but not require the use of a > username and password other than for the root account. This is to > *allow* but not require that the root account can have no password at > all. Like is done on MacOS X (the root account has no password). > > This is very similar to what is done with sudo in most cases, the end > user password is used rather than su to root. This case is about making > sulogin work similarly using the capabilities that Solaris has had since > Solaris 8. > >
