Here is an interesting read:: Security brief: CoreOS Linux Alpha remote SSH issue May 19, 2016 ยท By Matthew Garrett
<snippets> Gentoo defaults to ending the PAM configuration with an optional pam_permit. This meant that failing both pam_unix and pam_sss on CoreOS systems would surprisingly result in authentication succeeding, and access being granted. The operator user was not used by CoreOS, but existed because it exists in the Gentoo Portage system from which CoreOS is derived. <end/snippets> Full read [1]. It kinda shows that CoreOS is derived from Gentoo and not ChromeOS; at least when time to blame a security lapse elsewhere.... enjoy, James [1] https://coreos.com/blog/
