[RULE] Real Endusers installing w/ Slinky

Jason Bechtel jasonbechtel at care2.com
Wed Jul 2 06:32:00 EEST 2003


You could actually let the user set up a username
and password of any degree of difficulty.  The
point is that for a local-only installation,
access to the box is equivalent to root access
anyway.  Anyone can reboot it and boot into
runlevel 1 (no default bootloader security, I'm
sure).  So, why not just make it do auto-login?
As long as it's under a normal user account, even
one with a secure password, that would more
accurately reflect the security requirements of
the situation.

I agree that people should learn the right way,
but they should also learn that security exists
for a reason.  If they see passwords as arbitrary
hurdles (they already have full physical access
to the box) then they may not develop a respect
for security and will fail to take it seriously
when it is actually needed.

Jason


---- Begin Original Message ----
From: Michael Fratoni <mfratoni at tuxfan.homeip.net>
Sent: Tue, 1 Jul 2003 20:02:34 -0400
Subject: Re: [RULE] Real Endusers installing w/ Slinky

On Tuesday 01 July 2003 07:19 pm, Michael Fratoni wrote:
> I'll look at it. I have to tell you that I *hate* the idea of creating
> a user with an empty password. It just goes against everything I've
> always taught/been taught. I agree this might add a small amount to the
> learning curve. In my mind, it's better to learn the proper way, rather
> than learn sloppy security practices.

Thinking on this a bit more, a user "linux" with a password of "linux"
isn't any better than a null password. But I still don't like it. ;)
Actually, I'm a bit surprised that the passwd/pam utilities would allow
'linux' as a password.

-Michael
---- End Original Message ----





_______________________________________________
Original home page of the RULE project: www.rule-project.org
Original Rule Development Site http://savannah.gnu.org/projects/rule/
Original RULE mailing list: Rule-list at nongnu.org, hosted at http://mail.nongnu.org/mailman/listinfo/rule-list




This full static mirror of the Run Up to Date Linux Everywhere Project mailing list, originally hosted at http://lists.hellug.gr/mailman/listinfo/rule-list, is kept online by Free Software popularizer, researcher and trainer Marco Fioretti.