Bug#679751: please clarify package account and home directory location in policy
On Tue, Jul 03, 2012 at 10:04:45AM -0700, Russ Allbery wrote:
> Marc Haber <mh+debian-packages@zugschlus.de> writes:
> > On Mon, Jul 02, 2012 at 02:29:53PM -0700, Russ Allbery wrote:
>
> >> Ah, okay. For that use case, the only thing that you would care about the
> >> user home directory containing is the authorized_keys file, correct?
>
> > known_hosts and the key itself.
>
> Oh, right, for the client. Yes, yes.
>
> Well, personally I would not consider either the client's key or the
> known_hosts file to be configuration files. Why not generate the client's
> key automatically with ssh-keygen on client package installation, and then
> let it discover the known_hosts configuration via some mechanism, leaving
> both of those in /var/lib? That would satisfy the requirement that the
> admin not have to touch things in /var/lib to make the package work, and
> would also simplify setup (since then building the authorized_keys file is
> just a matter of catting together the id_rsa.pub files).
The package itself caters only for presenter and collector on the same
machine, which is done to give a working setup after installation. The
package is not likely to be used in this configuration in any
productive environment. ssh is one of the variants that is offered to
the admin as optional, local configuration. So she needs to manually
touch ssh stuff.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062
Reply to: