[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#44808: Default to allowing password authentication on leaves users v
From: |
Christopher Lemmer Webber |
Subject: |
bug#44808: Default to allowing password authentication on leaves users vulnerable |
Date: |
Tue, 08 Dec 2020 08:48:34 -0500 |
User-agent: |
mu4e 1.4.13; emacs 27.1 |
Mark H Weaver writes:
> Hi,
>
> "Dr. Arne Babenhauserheide" <arne_bab@web.de> writes:
>> To nudge them to secure their system, guix system reconfigure could emit
>> a warning that this is a potential security risk that requires setting
>> an explicit value (password yes or no) to silence.
>
> I think this is a good idea. Likewise, in the Guix installer, I would
> favor asking the user whether or not to enable password authentication,
> after warning them that it is a security risk.
>
> I agree with Chris that password authentication is a significant
> security risk, but I also worry that if we simply disable it, it will
> catch some users by surprise and they may be quite unhappy about it.
>
> Regards,
> Mark
It's clear that quite a few people are unhappy with switching the
default, fearing lockout. I'm fine with making the above compromise
given all that, personally.
- bug#44808: Default to allowing password authentication on leaves users vulnerable, (continued)
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Dr. Arne Babenhauserheide, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Christopher Lemmer Webber, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Dr. Arne Babenhauserheide, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/08
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/08
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/10
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/10
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/11
- bug#44808: Default to allowing password authentication on leaves users vulnerable,
Christopher Lemmer Webber <=
bug#44808: Default to allowing password authentication on leaves users vulnerable, Leo Famulari, 2020/12/07