Talk:Raspberry Pi Fedora Remix Administration

From CDOT Wiki
Revision as of 09:06, 11 March 2012 by GrayGirling (talk | contribs) (Created page with '== Password Management == By default this mix is pretty strict about passwords: * it is very keen on eliminating poor suggestions - I find that most of them won't be acceptable …')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Password Management

By default this mix is pretty strict about passwords:

  • it is very keen on eliminating poor suggestions - I find that most of them won't be acceptable
  • it won't let you choose a new password more than three times before abandoning the attempt - you must be on-the-ball to spot when you have been successful otherwise you might get very confused
  • once successful it will only let you use the same password for a fixed amount of time

Unfortunately, if you don't use a network connection the remix won't know the time. This means that it will, very often, decide that you need to change your password.

Naturally the password system (PAM) won't let you use the same password twice in succession, so you will need to choose at least two acceptable passwords to use the system for any time.

I think it would be very useful to put information about how you change the password usage policy on this page.... just so that a new Raspberry Pi user can maintain sanity.

Root Access

/etc/sudoers is set up so that, logging on as a non-root user does won't let you use sudo. Most of the things you might want to do initially need root access. Every request for a new password is an opportunity for PAM to ask you to update your password and (noted above) this can be tedious. It might be worthwhile either to:

  • advise that users always log on as root
  • advise how to update /etc/sudoers to allow the user to use sudo ... probably without a password

[... as a former computer security consultant these suggestions are not easy for me to make, but I do feel that the system is verging on unsuable without some modification. Perhaps it would be sufficient to eliminate the time-dependency on password changes from PAM?]