On Tue, 2013-05-21 at 14:09 -0700, Adam Williamson wrote:
On Tue, 2013-05-21 at 16:56 -0400, Simo Sorce wrote:
> > The other 'mandate user creation' option would be simply to do it in
> > (interactive) anaconda, and tell people who want to do installs without
> > a user account to use a kickstart or lump it. This has the advantage of
> > being one of the simplest possible approaches: all we'd have to do is
> > make user creation mandatory in anaconda and we could ditch
> > initial-setup and the pre-GDM bit of gnome-initial-setup. The
> > disadvantage of this approach, obviously, is it makes it harder for
> > those who have some kind of valid reason for doing an install with no
> > user account. Frankly, I quite like this option, the advantage of
> > simplicity is attractive. But I think it might be harder to get people
> > behind, cos people sure do love their choice!
>
> I have a FreeIPA server at home, I have no reason to create a user
> account. Why should you force me ?
The reason for forcing you would be that it was considered a greater
benefit to keep the install/first boot code paths simple than to make it
relatively easy to do installs with no user accounts. Remember, in this
mail, I was considering and presenting the pros and cons of all the
possible approaches. Please don't skim read and assume I'm advocating
one specific option. I did not in fact say I wanted to go ahead with
this option.
It was a generic 'you', I was not accusing you personally :)
> > The other possible alternative behaviour, of course, is to
go precisely
> > the other way, and not try and force the user into doing anything at
> > all. Again in this case it would make sense to ditch the 'firstboot'
> > stage. We'd simply leave anaconda alone, and kill initial-setup (and the
> > pre-GDM bit of gnome-initial-setup). This is again a nice and simple
> > approach. Its disadvantage is that it makes it nice and simple for a
> > 'regular' user to shoot herself in the foot. Experienced users can be
> > assumed to know the consequences of not creating a user account, sure.
> > But for the newbie who didn't do it and then pitched up at a GDM prompt
> > with no users, things would kind of suck. I am not a fan of this option.
>
> What's wrong with giving an option in anaconda and letting the user skip
> it ?
Nothing much, and if you actually read both my mails fully, that is
precisely the path I proposed.
Yeah I got that, I was just asking why we consider mandating something
when the current behavior seem, to work just fine.
> > It's very likely that the behaviour will differ
somewhat between GNOME
> > and all the other desktops for F19. This kind of inconsistency could be
> > viewed as a bit of a pity, but I don't think it's a huge practical
> > problem, and it may be that we can't get GNOME and the distro as a whole
> > to agree on whether user creation should be mandatory.
>
> It's unclear to me why Gnome should mandate user creation at all, since
> when Gnome is the OS Identity Management system/enforcer ?
Desktops and spins are considered to own their own destiny to at least
some extent. Effectively what is happening here is that the GNOME
desktop/spin believes that a user account should be mandatory to use
their desktop, and so they are enforcing the creation of one.
Well if you allow me this is a non-sequitur. Of course you need a user
account to login into a desktop environment, that doesn't mean you need
to force people to create a user account at install time. Some people
actually know what they are doing when they skip its creation.
If people think this is terrible and want to make a fuss about it,
there
are various avenues for doing so. Personally it doesn't bother me
overmuch.
Both g-i-s and anaconda/i-s appear to offer at least some mechanism for
configuring remote user accounts. I don't know in detail what
technologies they support; the g-i-s one looks like it supports at least
AD, I don't know what else. The anaconda/i-s "Use network login..."
button appears to do nothing in F19 Beta RC2. I'll file a bug on that.
It used to 'support' ldap and krb5 for auth and even a freeipa option,
but didn't really work in F18.
If someone wants to make user creation mandatory I think they should
first provide a working method to select external account providers in
anaconda. If that can't be done they should leave account creation
optional. Although it being a default and requiring an explicit and
noisy opt-out is fine by me.
Simo.
--
Simo Sorce * Red Hat, Inc * New York