Summary of password strength discussion

Bastien Nocera bnocera at redhat.com
Mon Jul 27 08:27:29 UTC 2015



----- Original Message -----
> On Fri, Jul 24, 2015 at 12:42:51PM -0600, Chris Murphy wrote:
> > OK so you're suggesting this only get provisioned with MFA if the user
> > enables SSH in the GNOME GUI? If it's enabled via systemctl then it's
> > just password only, and no MFA? Because if MFA is required then there
> 
> Right, unless you configure multi-factor by hand. My specific concern is
> that there's a relatively easy to access switch which opens up the
> system to more exposure than may be immediately obvious. I think the
> idea of forcing a password change when this switch is toggled has some
> problems. Maybe adding some more explanatory text to the dialog for
> enabling "Remote login" could help, but I'm skeptical about that too;
> hence this suggestion.

That same person you don't trust to know what "Remote Login" does can
run "curl ... | bash" on the command-line and trash the system.

