On Tue, May 18, 2010 at 12:06:31PM +0200, Finn-Arne Johansen wrote:
On 05/18/2010 11:06 AM, Jonas Smedegaard wrote:
I do not find it uncommon to use a quick'n'dirty password at install time and then tighten security later. With this approach the too weak, temporary, initial password would silently become a weak backdoor into the system.If you know how to administer things, you would also know that you need to change another password as well.
This is not an admin issue, but a distro design (i.e. install or deployment) issue: Knowledge of admin tasks certainly is *not* equal to knowlege of bootstrapping quirks!
Debian installer provides a mechanism to handle a single simple password for root - anything beyond that cause dialogs to pop up at install time.
Debian-Edu both adds more complex security mechanisms and silences dialogs about their initial setup.
- Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Description: Digital signature