[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Default user decisions

On Thu, May 01, 2008 at 09:48:45AM -0400, John Reese wrote:
> Marco Amadori wrote:
> > Alle Sunday 27 April 2008, Daniel Baumann ha scritto:
> > 
> >> The only other live system I know remotely, uses username 'ubuntu' and
> >> no password.
> > 
> >> That made me curious what others think. So, what do *you* guys think?
> >> Should it be left as is? Or do you have other preferences? How do other
> >> live systems do it?
> > 
> > ssh wise, Ubuntu's choice is more secure, because it disallows ssh logins if 
> > the local console user did not provide a new password.
> > 
> > I think that using a NULL password like ubuntu do and providing both an 
> > interactive way to change it and a boot parameter could be the way I would 
> > like to have the user password managed.
> > 
> > That way we could have a more secure default image approach, a secure personal 
> > use approach and the ability to set a password easely at build time.
> I have to agree with this.  I really like the Ubuntu approach to 
> securing the root/default users, and I'd like to put my support behind 
> making this behavior the preferred method.

A user has to install ssh explicitly, anyway.

But what happens when that "secure" user installs a service that doesn't
care about empty passwords?

               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir

Reply to: