Roland Mainz wrote:
> Would be there any (technical) objections to modify "useradd" to add
> entries to /etc/publickey by default (and assign a default host key for
> the machines, too) ?
> The idea is to get SecureRPC working by default on a plain Solaris
> installation to allow users to use X11's SUN-DES-1 authentification
> scheme instead of MIT-MAGIC-COOKIE-1 stuff (e.g. use $ xhost +username@
> # instead of shuffeling cookies around which should be much more
> user-friendly) and/or use SecureRPC for NFS...
While I don't object to it, I'm not sure X users will benefit much
from SecureRPC keys that are only in local files - if they were shared
amongst machines for network authentication sure, but local users can
just use the existing localuser authentication which requires no setup
and works for all users regardless of nameservice or whether their account
was created before or after this change to useradd. (And of course,
Secure-by-Default disabled remote access to X by default other than
via ssh tunneling, but that's easily changed in SMF.)
--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
