> > > The only other approach I could see for the headless
> > > servers would be mandating the enrollment in an identity domain at
> > > installation time (such as to FreeIPA or Active Directory).
> >
> > And in this scenario we should absolutely disable PermitRootLogin.
>
> So that if you have issues with the connector, you have to reboot the
> machine and be physically present to fix anything.
>
> Not really a grand plan IMO.
Earlier in the discussions I was told that this is not really an issue: in
production, about every server with remote access also has a KVM.
Mirek
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
