[Fedora-infrastructure-list] better passwords ,etc
seth vidal
skvidal at linux.duke.edu
Sun Jul 16 14:13:31 UTC 2006
On Sat, 2006-07-15 at 18:34 +0200, Michael Schwendt wrote:
> On Sat, 15 Jul 2006 10:37:39 -0400, seth vidal wrote:
>
> > Hi,
> > Following on the post about stronger passwords - I have a better idea -
> > why don't we have no password at all.
> >
> > meaning - if you don't have the ssh key you cannot login to any of our
> > systems.
> >
> > Then we don't have to muck with passwords at all we just put nice
> > little !! in the field in the shadow.db file and we're done with it.
> >
> > What do you think?
>
> What about the passwords to the web interface? ;)
>
Two options spring to mind:
1. we use ssl certs for client auth which firefox, mozilla and konqueror
can all do now.
2. we keep the passwords for the web interface b/c there is less chance
of a local root compromise from someone who just has access to the web
interface than someone with shell access.
Think about this in light of the debian rooting.
We give shell access out to many people who might have crappy passwords.
Let's go for the low hanging fruit here.
-sv
More information about the infrastructure
mailing list