Difference between revisions of "Talk:Raspberry Pi Fedora Remix Administration"
GrayGirling (talk | contribs) (Created page with '== Password Management == By default this mix is pretty strict about passwords: * it is very keen on eliminating poor suggestions - I find that most of them won't be acceptable …') |
Chris Tyler (talk | contribs) |
Latest revision as of 13:16, 11 March 2012
When writing on this page, please sign & date your posts (use the sign button or type --~~~~). --Chris Tyler 14:16, 11 March 2012 (EDT)
Password Management
By default this mix is pretty strict about passwords:
- it is very keen on eliminating poor suggestions - I find that most of them won't be acceptable
- it won't let you choose a new password more than three times before abandoning the attempt - you must be on-the-ball to spot when you have been successful otherwise you might get very confused
- once successful it will only let you use the same password for a fixed amount of time
Unfortunately, if you don't use a network connection the remix won't know the time. This means that it will, very often, decide that you need to change your password.
Naturally the password system (PAM) won't let you use the same password twice in succession, so you will need to choose at least two acceptable passwords to use the system for any time.
I think it would be very useful to put information about how you change the password usage policy on this page.... just so that a new Raspberry Pi user can maintain sanity.
- GrayGirling, March 11
Not having an accurate time causes all kinds of problems with PAM, yum, fsck, and much more. We need a better solution for this overall. Two that come to mind: if the network time is not available, setting the time to (last mount time of the root filesystem)+1 second, or asking the user for the date and time.
--Chris Tyler 14:16, 11 March 2012 (EDT)
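A sketch of the first fallback suggested above (last mount time of the root filesystem + 1 second), added here as an example; it is not code from the remix or from either poster. It assumes an ext2/3/4 root filesystem readable with `tune2fs -l`, GNU `date`, and a device path supplied by the caller; the sample `tune2fs` output is constructed. The clock is only ever moved forward, so a correct clock is never wound back.

```shell
#!/bin/sh
# Added example: derive a lower bound for the system clock from the
# root filesystem's "Last mount time" when network time is unavailable.

# Read `tune2fs -l` style output on stdin; print (last mount time + 1 s)
# as epoch seconds. Fails if the field is missing or "n/a" (never mounted).
floor_from_tune2fs() {
    stamp=$(sed -n 's/^Last mount time:[[:space:]]*//p' | head -n 1)
    case "$stamp" in ''|n/a) return 1 ;; esac
    secs=$(date -d "$stamp" +%s 2>/dev/null) || return 1
    echo $((secs + 1))
}

# $1 = current epoch, $2 = floor epoch.
# Prints the epoch to set only when the clock is behind the floor.
clock_correction() {
    [ "$1" -lt "$2" ] && echo "$2"
    return 0
}

# $1 = root block device (supplied by the caller; needs root to run).
apply_clock_floor() {
    floor=$(tune2fs -l "$1" 2>/dev/null | floor_from_tune2fs) || return 1
    target=$(clock_correction "$(date +%s)" "$floor")
    [ -n "$target" ] && date -s "@$target" >/dev/null
    return 0
}

# Constructed sample of `tune2fs -l` output, for a dry run without root.
SAMPLE='Filesystem volume name:   rootfs
Last mounted on:          /
Last mount time:          Sun Mar 11 14:16:00 2012
Last write time:          Sun Mar 11 14:16:00 2012'

printf '%s\n' "$SAMPLE" | floor_from_tune2fs
```

Run early in boot, before anything that checks password ageing; the result is only a floor, so password expiry and certificate validity checks can still be wrong until real time is obtained.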
Root Access
/etc/sudoers is set up so that logging on as a non-root user won't let you use sudo. Most of the things you might want to do initially need root access. Every request for a new password is an opportunity for PAM to ask you to update your password and (noted above) this can be tedious. It might be worthwhile either to:
- advise that users always log on as root
- advise how to update /etc/sudoers to allow the user to use sudo ... probably without a password
[... as a former computer security consultant these suggestions are not easy for me to make, but I do feel that the system is verging on unusable without some modification. Perhaps it would be sufficient to eliminate the time-dependency on password changes from PAM?]
- GrayGirling, March 11
Instructions on how to add sudo access are in the page; in F17 (next release) it's enabled by default.
--Chris Tyler 14:16, 11 March 2012 (EDT)